Qualys reports HTTPS on Yahoo! Mail is not good.

Yahoo! Mail has the HTTPS service all the time shortly Ivan Ristic from Qualys report the encoding of Yahoo! That are not satisfactory, because the use of RC4 and the key exchange process is confidentiality in the future (forward secrecy)


Qualys found that The encryption function functionality. By the server in login.yahoo.com Used a password to use AES encryption more secure. But it does not prevent new attacks, such as BEAST or CRIME anyway

key exchange process has been previously always traded with RSA encryption key, a key on both sides. But back to protect in case the server is hacked then the key to decrypt the data. Experts often recommend the use of encryption, key exchange process. Diffie-Hellman No keys are exported from it. Despite intercepted data communications make it. And the secret key to decrypt it later did not

piercing even to steal the secret key from the device will not report very often. But the concerns of many experts recommend using NSA making process to ensure that support forward secrecy

for Thailand Most banks use the RSA key exchange and RC4 encryption which is not confidential in the future. Only some, but redeemable AES_256 encryption keys with RSA

Source – IT World



                     HTTPS, Security, Yahoo!



  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: