• NewCastle252

    NewCastle252

    2 years ago
    what does that mean?
  • ?

    user

    2 years ago
    You are trying to protect against TLS MITM, right?
  • NewCastle252

    NewCastle252

    2 years ago
    Well was, but I have given up on that
  • NewCastle252

    NewCastle252

    2 years ago
    Now I'm just trying to limit damage if server logs are leaked, and trying to protect as much little things as possible
  • NewCastle252

    NewCastle252

    2 years ago
    Of course I want to solve every angle of attack, but I just can't find a way to protect aginst MITM
  • ?

    user

    2 years ago
    If you want to limit damage there, I think what you said above is most relevant, never log credentials anywhere
  • NewCastle252

    NewCastle252

    2 years ago
    The good old times: I got an email from GitHub, "Hi our bad, yes we saved your password in plain text logs 😄"
  • ?

    user

    2 years ago
    in order to protect against that you need a key exchange that happens outside the vulnerable process. This is how cryptocurrencies do it
  • NewCastle252

    NewCastle252

    2 years ago
    So the TLS happens over like mobile connection?
  • NewCastle252

    NewCastle252

    2 years ago
    Is MITM possible on mobile (excluding the ISP)?