What are the solutions for encrypting communications between a website and a client without using HTTPS?

S

StrangeAttractor2015-12-05 20:29:06

Computer networks

StrangeAttractor, 2015-12-05 20:29:06

As you know, in the matter of ensuring the confidentiality of data transmitted between a website / service and a client, HTTPS can no longer be fully relied on nowadays. some (administrators of corporate networks and even entire states ) decipher it in the most unceremonious way. The obvious question is: what are the alternatives? Yes, having some understanding of cryptography, you can try to fence some bicycles, but is it necessary, or has something good already been invented before us?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

sim3x, 2015-12-05
@sim3x

None
In the sandbox, there is generally little that can be protected from the "excavator"
Only the presence of its own application makes it possible to rely on at least some security of information exchange

A

Andrew, 2015-12-05
@OLS

Embedding in the SSL/TLS chain is done by installing a fake root certificate on the client, i.e. speaking more broadly - by compromising the client computer.
In such a formulation of the problem, if the attacker wants very much, he can simply display for you what you want to see, while transmitting completely different things through the communication channel (the fantasy can be completely diverse).
The only way out is a hardware device whose system and application software you trust. If we are talking about small amounts of information, then you can look towards trust-screens ( SafeTouch , ruToken PINpad , Vasco DigiPass 920 and similar).
Or, if there is reason to believesimultaneous hacking of your PC and smartphone is unlikely - various similar software solutions that display on the smartphone a key block of information from the PC.