How SSL Certificate Works? – HTTPS Explained
Hey everyone, in this video we'll understand how SSL certificates work and how they are helpful in establishing secure …
Is it possible that a MITM generates his own certificate and passes it on to the client?
Bro, but when the server gives the client the SSL certificate along with the public key, a man in the middle could be in between there too.
Why isn't every call encrypted asymmetrically? This way the server won't be storing every client's key to decrypt its requests, and just use its own private key to decrypt the requests.
A good developer always uses dark mode
this isn't very safe as well, the safest is "three pass protocol", however three pass protocol takes 3 times extra time, it sends the data thrice between client and server. To understand this, consider this analogy:
I took a diamond and put it in an unbreakable box, I put my lock there and send it to you, you cannot open it because you don't have the key, so you put your own 2nd lock into it and send the box back to me, I'll open my 1st lock and take out my lock and send the box back to you, you open the 2nd lock with your key and get the diamond.
If the hacker pretends to be the server, can't he also pretend to be Let's Encrypt to fool the certificate?
Bro, if n users connect to the server, n symmetric keys are generated; how does the server store n users' symmetric keys for decrypting data?
excellent explanation!👍
Great video brother
this was a banger video, thank you so much piyush
Explanation is not up to the mark when it comes to the critical point of the video. You have to explain the scenario when a hacker comes into picture while you are having an SSL certificate
Excellent
Very nice thanks
Amazing
Very good Man…keep up
Hacker just needs a certificate from the same agency and he can still hack! So maybe there is something that you are missing!
Hacker is not ours by the way 😅😅
Nice explanation !!!
Nice video but perhaps one correction at 15:11 min. SIGNATURE = SERVER PUB KEY + LETS ENC PRIVATE KEY. Since LETS ENC keys are asymmetric, only data(server public key) encrypted with LETS ENC private key can be decrypted using LETS ENC public key. So Client(browser) will use LETS ENC public key to decrypt Server certificate signature(which should be server public key) and verify that server is indeed whom he claims to be.
you should give answer to how as well, like you mentioned man in middle attack will happen but how that is the question
Very good information
Excellent !! Thank you!
But, can't Middle man proxy the public key sent by authority to the client
Excellent.
But what if the hacker spoofs this also and does a MIM attack with its own certs created by CA for the same domain. Isn’t that possible?
Great video🎉
Please also explain one more thing: if we want to do multiple authentications using a single SSL certificate, how would we do it?
but how the encryption and decryption, signature verification works while sending the data from server to client ?
what happens when a hacker tries to sniff the public key from the issuer also?
Thanks Piyush for your valuable effort. I think the CA signs the CSR with its private key, not with the public key; the CA's public key is easily available to a hacker / MMA too. The public key of the CA can be used to verify the digital signature of the issuance authority.
Bro, the video is absolutely fantastic for beginners.
Explained in a simple and easy way, bro… great video… need more videos of this type in future… Thanks
Awesome explanation. Thanks for sharing.
No words to say sir, I really like you!
What if a hacker intercepts and manipulates both the connections… sends a fake cert to the user (both keys fake) + sends the same cert while intercepting the communication between client and cert issuer (saying… "yes, this cert is genuine").
What is openssl??
Need more info at 15:20, formula for generating signature: <server pub key+lets enc pub key> encrypted. using which key it is encrypted? answer is lets enc's private key.
Also, <server pub key+lets enc pub key> is encrypted as is?
OR
Hash is generated out of <server pub key+lets enc pub key> and then encrypt it?
How does SSL work for static apps which do not have a backend server?
Can a man-in-the-middle hacker not fake the certificate as well? They generate two public keys, make their own certificate. Send you their own public key and certificate when you communicate with the server, and then the other public key when you communicate with Let'sEncrypt? This will mean that the certificate signature will match.
wait so why can't the hacker just change the cert signature that’s sent to the client by acting as a proxy to LEPub+HackerPub? Just by introducing SSL Cert all we have done is send more data the same way we were sending the public key before, but it’s still just data, it can be tampered with in the same way as before.
Bro, you opened up my mind about SSL certificates.
great video brother thank you
Thank you very much.
Thanks buddy 😊… That was helpful
Can you also share more details how User/client is communicating with Certificate Authority (Let's encrypt) to validate the public key?
Thank you so much for this video and a great explanation Sir.
Nicely explained👍
It is a great explanation, but an incomplete one.
When an SSL/TLS certificate is created, a chain of certificates is typically established.
When a client (such as a web browser) connects to a server secured with SSL/TLS, it checks the chain of certificates to ensure that the end-entity certificate (your domain's SSL certificate) can be trusted. This verification involves:
1. Checking if the SSL certificate is signed by an intermediate certificate.
2. Checking if the intermediate certificate is signed by a trusted root certificate that is included in the client's trust store (typically maintained by the operating system or browser).
But hacker can also go to Let’s encrypt and ask for their public by acting as client… In that situation how it can be handled ?
Was that a chair aur code reference 0:31 ☕️?
I think you forgot to mention that ssl certificate is encrypted by the private key of the authority. Am I correct?