Ssl Login Trial

[irokin]

Just trialing this for a month at the moment. It's simply an encrypted transmission method, enabled on registrations and logins.

 

If you have any troubles logging in email me: [email protected]

[altezzaclub]

nice- I see the Courts in the USA are arguing over whether the Govt can demand your encryption key from you. I've just heard about a smartphone app that pretends to be a wireless router and copys all the data as it goes through, so I think this is getting to be important.

[irokin]

nice- I see the Courts in the USA are arguing over whether the Govt can demand your encryption key from you.

 

Very dangerous road to go down with serious security ramifications. Bad idea IMO. I can see what they're trying to do but I don't think they've considered (or care about) the side effects.

 

I've just heard about a smartphone app that pretends to be a wireless router and copys all the data as it goes through, so I think this is getting to be important.

 

Yep, if you're not in control of the hardware you're connected to and you're sending passwords in the clear (not encrypted) then there's every possibility your password will be sniffed. It's not a new technique but it sounds like it's being bought down to the level of consumers now.

 

I should point out though, if you're not in control of the hardware while your password should be safe over SSL an attacker could still hijack your Rollaclub session. I could encrypt the entire site but I don't think that's necessary at this stage. There's CPU and bandwidth issues that we would probably encounter.

 

 

Hopefully I can start a bit of a trend and get some more forums to consider it.

[irokin]

Just in time for Change Your Password Day, February 1.