Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-06-2002, 01:21 AM
|
#1
|
Member
Registered: Dec 2001
Location: Brisie, Australia
Distribution: Slackware 8.1
Posts: 324
Rep:
|
SSL vs. TLS
What's the difference between SSL and TLS, and which is more secure.
|
|
|
04-06-2002, 03:39 AM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Generally speaking TLS is the successor to the Netscape-designed SSL. A lot of apps speak TLS nowadays, but not all. You can have both TLS and SSL.
*Before asking questions like "which is more secure" IMHO you should read up on both protocols and it's pitfalls and/or state what you're securing. That'll allow you to ask more specific and detailed questions.
|
|
|
12-14-2002, 06:11 AM
|
#3
|
Member
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103
Rep:
|
ok, so say I'm writing my own application that has to be as secure as humanly possible, say for arguments sake I'm transferring mission critical data which would cause me to lose my job if it were to leak out, what would your advice be?
|
|
|
12-14-2002, 07:58 AM
|
#4
|
Member
Registered: Apr 2002
Distribution: Gentoo 2006.0 AMD64
Posts: 399
Rep:
|
<me being a smart arse>
write it on a piece of paper...put it in a suitcase...lock it with a padlock, combination lock, and weld it shut. Handcuff it to your arm, get in your car and drive it to where you want the information to get to.
</me being a smart arse>
and yet, I'm still not too sure about this one...
|
|
|
12-14-2002, 04:12 PM
|
#5
|
Member
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103
Rep:
|
Not where I live. Id put more money on clear text email than on driving through mid-city with that same money. Perhaps if you give me a hundred or so security guards as well. Yes, I know nothing is 100 % secure. Keys can be guessed (highly unlikely though - except for certain implementation cases where things are not as random as they should be), keys can be stolen etc... Point is, which would be harder to brute force?
|
|
|
12-16-2002, 10:31 AM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
1. ok, so say I'm writing my own application
Get help. Seriously. You don't want to do this on your own w/o peer review from the design stage up.
2. application that has to be as secure as humanly possible, say for arguments sake I'm transferring mission critical data
Realtime or not?
High volume or not?
CPU-bound no prob?
Where does the data come from?
Where does the data go to?
...and what are the bottlenecks in the prev. two?
..and also security wise?
What are your redundancy options?
Is getting the data OOB-like an option?
Is it possible to/what happens if you send the data split up?
Is it still mission critical/usable?
Heh. More questions than answers.
|
|
|
12-16-2002, 02:11 PM
|
#7
|
Member
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103
Rep:
|
Shuks, when I read the email I thought I was in for a serious flaming... phew. Sorry to say, but I am working alone - I really do regret that, however, all principles have been checked and are probably as secure as they will be. Secret protocol as well + two way authentication (using SSL certs for which we hold both the CAs's private keys on an a non-internet connected machine). Well, there are other jazz as well.
atm the load is not too bad, probably won't ever go over a hundred or so similtanious connections but I'll monitor that as we go along. CPU usage shoots up to 100 % at points (well,actually if this didn't happen it would be a problem since a CPU is either working or not). But usually (with 4 incomming connections) its sitting under 10 % on a Pentium mmx 200MHz with 64MB Ram.
The data is coming from all kinds of weird places, truth be told, no one knows excactly where it'll come from - and by no one I really mean no one - well, not anyone human anyway.
If you could just point me in a direction, it'll help. What I know about TLS and SSL is limited. I know the ideas behind the whole protocol, hand shaking and proving about holding the private keys etc ... establishing a session key for something like triple des or whatever it is your using. As I understand it TLS is just the newer version of SSL. Or at least the one supposed to have the "standards". Please correct me if I'm wrong.
|
|
|
12-16-2002, 05:35 PM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,415
|
Uh... maybe have a look at these or these books, or try searching off the beaten tracks here for refs?
|
|
|
12-17-2002, 04:39 PM
|
#9
|
Member
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103
Rep:
|
ok, i'll just wait and see if CiteSeer comes back up any time soon ...
thanks for your help so far.
|
|
|
All times are GMT -5. The time now is 06:35 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|