Title: Digital signatures and Certificate made Bitcointalk documents secured... Post by: Zilon on July 23, 2022, 12:44:47 PM
While digital certificates are files or electronic passwords that embraces cryptographic hashes and public key infrastructure to authenticate the validity of a device, server or user (PKI). Public key infrastructure (PKI) governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications and are widely acknowledged protocol for digital signatures. SHA-256 are secure Hash Algorithm used as the preferred hash function to secure most digital documents and after the ban of SHA-1 since it is vulnerable to attacks, digital authorities switched to SHA-256 hash and ECDSA but still wondered why Baltimore CyberTrust Root still issue SHA-1 with RSA encrypted hashes in its certificate to bitcointalk. RSA are secured but how about SHA1 Quote SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, How to check the certification of Bitcointalk
https://i.imgur.com/RNd1MwW.png
https://i.imgur.com/eC4nqq1.png
https://i.imgur.com/JU93tT7.png
https://i.imgur.com/eX8xdvt.png still wondering why this has to use SHA1 https://i.imgur.com/RMsaRAG.png https://i.imgur.com/bLzZ9cb.png [/list] Always check for this padlock at the url to ensure the sites you are visiting are well validated and secure and that they use SHA256 signature algorithm. source: link (https://www.computerworld.com/article/3173616/the-sha1-hash-function-is-now-completely-unsafe.html) Title: Re: Digital signatures and Certificate made Bitcointalk secured... Post by: jackg on July 23, 2022, 03:17:54 PM 256 byte keys are big afaik, rsa is secure at 2000+ bytes (and are theoretically cinsidered that secure for 10 years).
Have you opened this site in the console bit? I used to get warnings on Firefox if sites used sha1 for some things but there's a difference with using sha1 for the encryption algorithm/ie cryptographically signing things and signing sha1 documents with your private key and using it for generating a checksum. MD4 can be used in some circumstances for checksums too. It might be faster for larger inputs and hard to bruteforce (if you have to include authentic data) - I'd prefer more checksums than fewer. If someone wanted to launch an attack on bitcointalk, they wouldn't be able to attack much afaik especially for logged in users but I'm not sure if entropy bytes are signed too for pages that are publicly accessible (like the login page). If server time or something is also signed then an attack on those would be impossible. Edit: thinking about it, there are time errors you can get when connecting to sites using https so it's likely impossible to believably bruteforce. Title: Re: Digital signatures and Certificate made Bitcointalk secured... Post by: SquirrelJulietGarden on July 23, 2022, 03:40:01 PM SSL vs. TLS and difference (https://bitcointalk.org/index.php?topic=5223953.0) with very detailed explanation on differences between two certificates.
A certificate is not an only sector that will make a website is good or bad. On tip of iceberg, looking at SSL and TLS sites, SSL site brings a safer feeling and better security. Under the iceberg, more things will make a site is good or bad or vulnerable to attacks. The certificate is not all. Title: Re: Digital signatures and Certificate made Bitcointalk documents secured... Post by: Zilon on July 23, 2022, 04:43:24 PM SSL vs. TLS and difference (https://bitcointalk.org/index.php?topic=5223953.0) with very detailed explanation on differences between two certificates. I didn't go into much details to describe the types of certificates this authorities provide because a thread has already been created on that and will make this long and boring. I centered more the Hash function used for details about certification types the link you provided serves the purposeA certificate is not an only sector that will make a website is good or bad. On tip of iceberg, looking at SSL and TLS sites, SSL site brings a safer feeling and better security. Under the iceberg, more things will make a site is good or bad or vulnerable to attacks. The certificate is not all. Title: Re: Digital signatures and Certificate made Bitcointalk secured... Post by: BitcoinGirl.Club on July 23, 2022, 06:32:12 PM A certificate is not an only sector that will make a website is good or bad. On tip of iceberg, looking at SSL and TLS sites, SSL site brings a safer feeling and better security. Under the iceberg, more things will make a site is good or bad or vulnerable to attacks. The certificate is not all. These days any site can have SSL. SSL ensures encrypted data from the hosting server to client browser. A site can have SSL but still it can be used for illegal activities like having a phishing site.The only secure practice in my opinion is to know the domain name. Memorize it or save it on your browser. You can save it in a file too. Google is always unsafe. Many people go to google and search for the domain name. Scammers rank up their domain for the domain name people search and users reach to the scammers site. This is how regular hacks happens. Title: Re: Digital signatures and Certificate made Bitcointalk documents secured... Post by: vv181 on July 24, 2022, 12:04:24 PM still wondered why Baltimore CyberTrust Root still issue SHA-1 with RSA encrypted hashes in its certificate to bitcointalk.
https://i.imgur.com/eX8xdvt.png still wondering why this has to use SHA1 Root certificate are being used only to verify the issuer of intermediary of the TLS certs, which in this case Cloudflare. It is being shipped by default within a browser or an OS. Many sites e.g. Google, DDG, and Binance are also using SHA-1 with RSA encryption, as its root cert. I don't know the security importance of it in the process of the whole of how SSL/TLS works. But from my understanding, it's the way it is. For a further reference of how it being used and why it still used, I suggest see: Why is it fine for certificates above the end-entity certificate to be SHA-1 based? (https://security.stackexchange.com/questions/91913/why-is-it-fine-for-certificates-above-the-end-entity-certificate-to-be-sha-1-bas) |