@ivesen ...It's faster too? Seriously? :/
significantly so.
here's a blogpost from troy hunt which is where I learned of this initially:
https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/
and the website he used to showcase it:
http://www.httpvshttps.com/
@ivesen @Angle
I'll just leave it here. No shots fired.
https://youtube.com/watch?v=ZmlQoeEycPc
@BrightOne @ivesen Eh, I haven't been very impressed with Bryan Lunduke. :/
@ivesen @Angle I think he "backed out" considerably. I didn't get any impression from the video. He DOES say that it is "not bad, only dangeroues", and that we shouldn't just abandon it. On this point, I agree. The current way of how it's done now is still to be debated...
Nonetheless, thanks for sharing :3
@BrightOne @ivesen ...Is the secure hash algorithm seriously compromised by the NSA? That seems like a bit much. :/
@BrightOne @ivesen No, I know that part. But whats the harm in it being made by them? Like, most security technologies have similar origins. :/
@Angle @ivesen Well, it's the NSA that got a bit of "suspicious" aura in the last few years, for many reasons.
Nonetheless, there's one idea from that video that I agree with 100%. We shouldn't treat HTTPS as a "holy grail". We shouldn't treat any tech as such at all.
That's just an example.
And maybe me and Lunduke overexaggerate things a bit. :3
@BrightOne @ivesen Well yeah, I think that goes without saying. Like, who even does that? :/
well, infosec types talk about how https solves $problems
and do so excessively because too many people don't use https.
As a result there are some people who don't realize https could be dangerous.
also, https is extra dangerous if you use nginx/apache
@Angle @ivesen Not compromised.
Just MADE by an institution (NIST) that directly relates to (and mandatory consults with) NSA.
Don't take my word for it. https://en.wikipedia.org/wiki/SHA-1#Development