Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialAndrew Young
Courses Plus Student 639 PointsHow do you exchange public key securely?
Question:
- Can you point out which of the following method is the most secure one? If not, can you suggest a method?
- Is there any improvement of your selecting best method of mine? (optional)
Question details:
In nowadays we mostly use asymmetric encryption is messaging, so in order for the encryption to work, we need to exchange public key first.
So now let's support there are two characters, Alice and Bob are transporting data using the server.
First method:
So the first method we exchange the key in plain, like this:
Bob ---Bob's key---> Server ------> Alice
And vice versa. But with this method, the MITM attack can change the key in the middle of the process. So, will the issue still be able to happen if we use DV SSL?
Second method:
And the second method, we add verifications, like this:
Server key database
|
encrypt
|
Bob ---Bob's key+verification ---> Server ---> Alice
But with the following design, I'm not sure if there any vulnerable?
1 Answer
Steven Parker
231,248 PointsOn your first method, DV SSL is vulnerable to MITM attacks. DV SSL should not be used for financial or other high-risk data transfers.
You didn't describe what "verfication" was for the second method, but assuming you meant EV SSL, that should be adequate for sensitive data.
Andrew Young
Courses Plus Student 639 PointsAndrew Young
Courses Plus Student 639 PointsSorry for that, here is more details about method 2:
P.S. if the flow doesn't shows right view it here