httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <...@bourse.ch>
Subject Re: mod_rewrite and apache
Date Wed, 16 Jan 2002 11:47:27 GMT
-bill- wrote:
> 
> That is an interesting piece of info, but why would you want to encrypt/decrpyt
> an image ?

I can think of a few reasons:

The Obvious One: You don't want anyone except the recipient to see it.

The Devious One: Imagine you have a snooper on the line, intercepting
all your traffic and trying to crack it (this is what SSL protects
against). If you encrypt all the files served from your SSL site, all he
sees is a unbroken stream of encrypted data - he hasn't a clue where to
start, so has to record it in huge chunks then try to crack them using
brute force.

However if, for example, you decide to save computing resources in the
server by not encrypting images and only encrypting text data, then now
he sees lots of GIF and JPG data flying past en clair - interspersed
with small nuggets of encrypted stuff. Sneering to himself, he grabs
those and bends all his resources to cracking these much smaller blocks
of data with his super-computer. He is encouraged by the knowledge that,
since these are the only things you bothered to encrypt, they must be
REALLY important...

SSL isn't only about encryption, there's also the wheat and chaff aspect
too.

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message