
IT Security

Introduction to Strong Cryptography

One thing that amazes me is that most developers are not familiar with strong cryptography. In my career, I’ve seen all sorts of mistakes that lead to leaked data, guessable passwords, unfortunate disclosures, and worse. The nice thing is, you don’t have to understand the ridiculously complex math behind the algorithms; you only have to know the rules for using them correctly. By the end of this series, my goal is to de-mystify the magic, so you can start using the primitives in your code right away!

But first, when I say Strong Cryptography, what the hell am I referring to anyway? Strong cryptography or cryptographically strong are general terms applied to cryptographic systems or components that are considered highly resistant to cryptanalysis. One thing I’ve seen repeatedly done is that a developer ‘invents’ a cryptography scheme for a particular purpose.

-Jonathan on cryptography. Any ideas?

CEH | Certified Ethical Hacker | Etik Hacker

SSL MITM Proxy

Description

mitm-proxy is a Java-based SSL proxy that acts as a "man in the middle". In other words, proxied HTTPS requests are terminated by the proxy and resent to the remote webserver. The server certificates presented to the client (i.e. a web browser) are dynamically generated/signed by the proxy and contain most of the same fields as the original webserver certificate. The subject DN, serial number, validity dates, and extensions are preserved. However, the issuer DN is now set to the name of the proxy's self-signed certificate and the public/private keys of the proxy are used in creating the forged certificate.

Documents

Download

NOTE: this tool can NOT be used for any commercial purposes, as is, because it makes use of an educational/research version of the IAIK JCE library.

Version 1.0 (April 12th, 2007)

Usage

The mitm-proxy requires a Java runtime (1.5 or later) and has been tested on various Windows and Linux platforms.

Notes on the options:

Credits

Staff:

Background:

SecLists.Org Security Mailing List Archive
