So this video explains how https works. What I don’t get is what if a hacker in the middle pretended to be the server and provided me with the box and the public key. wouldn’t he be able to decrypt the message with his private key? I’m not a tech expert, but just curious and trying to learn.

  • ZeroGravitas@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    Nevermind hackers. Look up “corporation in the middle” attacks, which is a prime example of subverting secure channels at scale.

    If you don’t own the hardware, nothing you do on it is truly private. Ditto if someone else has admin access to your hardware (eg BYOD scenarios) . Inserting a root certificate into the OS is trivial in both cases.