Is SSL even nessecary?

[MrGamma]

I was curious as to the benefits of SSL security... I mean... Why bother? Is it not true that if given the option people would resort to keystroke recorders over cracking an encryption?

I mean... networks are fairly secure these days... is packet sniffing and interception even a reality these days? I would appreciate if anybody could lend me a few buzzwords so I could do a little research of my own as to how to secure my network traffic without resorting to SSL...

Thanks if anyone can help...

[Xav]

SSL, like everything, is a tool. You can't have too much security. Besides, networks are far from secure, in these times of weak passwords and WEP keys.

[MeTh0Dz]

I would never send any type of critical data over any network without first encrypting.

And what do you mean is packet sniffing and intercepting a reality? Of course it is, wardriving is now more popular than ever and all it takes is arp poisoning to steal packets in a LAN.

I could go on about this, but I hope you got the idea.

[TkTech]

Only way I really trust sending critical traffic is with a rotating 256-bit encryption key.

Its significantly easier to simply intercept someones traffic then to invade a system and install a keylogger. Something like wireshark which contains hundreds of signatures can tell you what protocol/application is being used and trace the conversation.

I mean... networks are fairly secure these days... is packet sniffing and interception even a reality these days?

Uh. No comment.

[municipol]

SSL won't do too much to help your data. If you're the kind to always go that extra mile or install that extra plugin, you'd probably want to use SSL. But for logins and stuff, ssl probably isn't you best choice.

[MeTh0Dz]

SSL won't do much. lol alright

[morefood2001]

SSL to me is another tool as well that adds an additional layer of security to .

I do believe it will protect your data long enough to where you would have different information. I rarely give out any information that doesn't change on an annual basis (eg: social security number). I only give out credit card information when I buy something using paypal.

Our professor in a CS class I took explained how ssl works, and to sum it up, basically there are 2 keys. A public key and a private key. The public key is given to everyone and everyone will use that to encrypt the data. The private key is generated for your use only. When you receive data you use this key to decrypt the data. I forget the exact formula, but the algorithm used is very hard to reverse. I think our prof said it would take a year for the most powerful super computer to get the data back in the best case. This is why I trust ssl for information that changes on an annual basis. This was back in December of 2007, so I am not sure if this is still true.

[Doe1974]

Security is provided by layers. The fact that someone is able to use a keylogger is not enough to stop using SSL. SSL is designed to encrypt the info before leaving your machine.

---------------------------------------
Doe1974
System Analyst and Web Programmer
Specialist in ecommerce stores developed with Free Comersus Cart and blog sites developed with Free Wordpress
Support Open Source!!!

[sohel003]

I mean... networks are fairly secure these days... is packet sniffing and interception even a reality these days? I would appreciate if anybody could lend me a few buzzwords so I could do a little research of my own as to how to secure my network traffic without resorting

[MeTh0Dz]

Dude you obviously don't know **** about networks, I could walk into your company setup my laptop and start ******* with your network all day. Networks are far from being secure, when I use a DNS zone transfer or I start ARP poisoning you how do you plan to stop it? And then for all the noob administrators out there who run DHCP, yeah life just became a whole lot worse for you when I walked into your place of business.

How can you question the reality of packet sniffing and interception?

Don't try to say something is secure when you don't even understand it.