Man In Middle Attack for HTTPS
A man in middle can decrypt the certificate(public key for decryption is available on everywhere) and steal the public key for the session. Now the middle man can read all encrypted messages from web server to client. But cannot read messages from client to server. So how does HTTPS avoid this?
You're quite simply misunderstanding how asymmetric cryptography works:
The public key in the certificate will NOT let you decrypt anything, it's not what it's for.
Man in the middle can see public key as part of certificate, but cannot see the private key.
Peer has to trust public key because it's signed by some CA they know in advance.
That's fundamentally it.
链接地址: http://www.djcxy.com/p/21756.html上一篇: CA颁发了SSL证书有用性
下一篇: 中间人攻击HTTPS