SSL Certificate

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Scratch It replied

6 December 2017, 21:50
Leave a comment:
woohoo replied

9 July 2017, 19:14
Originally posted by cojak View Post

You shouldn't be using the same password on sites you value as on CUK anyway.

True but people do and they also make mistakes, it's also true the security on CUK is tulipe.
Leave a comment:
cojak replied

9 July 2017, 18:55
You shouldn't be using the same password on sites you value as on CUK anyway.
Leave a comment:
yetanotherbob replied

9 July 2017, 17:51
Originally posted by woohoo View Post

It's incredibly easy to break the hash that CUK uses to find out the actual password. So if you do use it on other sites then don't.

Good point: https://en.wikipedia.org/wiki/MD5#Security
Leave a comment:
woohoo replied

9 July 2017, 17:34
Originally posted by yetanotherbob View Post

At least they are sending a hash of the password over the Internet between your browser and CUK.
Not that it helps much against someone adequately motivated as it's a simple hash of the password, so someone could simply use that to perform a fake login (but at least they won't know your real password - e.g. if you use it on other sites).

If CUK were to maybe add digest authentication, then at least the hash would be different for each login attempt.
(still doesn't completely prevent a dedicated MITM to fool you into revealing your real password but would make it harder and more sophisticated)

It might just be easier to add SSL though.

It's incredibly easy to break the hash that CUK uses to find out the actual password. So if you do use it on other sites then don't.

FYI just google break hash, one of the top ten will allow you to enter the hash and it will be converted to plain text. So you don't even need to be dedicated, just half interested.

TBH it's not that big a deal for me, CUK doesn't hold my cc details. Though it does hold my email and I suppose you could use that along with the password on a number of popular websites. I'm lucky I don't think that combination would work on anything, only because it's using an old email address.

Last edited by woohoo; 9 July 2017, 17:47.
Leave a comment:
yetanotherbob replied

9 July 2017, 09:33
Originally posted by woohoo View Post

I guess the password is big un, would be fairly easy to monitor network traffic and get login details. Then anyone could login and post random crap, it's clear from General this happens frequently.

At least they are sending a hash of the password over the Internet between your browser and CUK.
Not that it helps much against someone adequately motivated as it's a simple hash of the password, so someone could simply use that to perform a fake login (but at least they won't know your real password - e.g. if you use it on other sites).

If CUK were to maybe add digest authentication, then at least the hash would be different for each login attempt.
(still doesn't completely prevent a dedicated MITM to fool you into revealing your real password but would make it harder and more sophisticated)

It might just be easier to add SSL though.
Leave a comment:
woohoo replied

3 July 2017, 11:03
Originally posted by Snarf View Post

Im curious as to what benefit an SSL cert would bring to CUK?

Yeah, ok the traffic to the site would be encrypted, but its a public forum, any traffic (except your password when you log in) will most likely end up on a public forum anyway...

I guess the password is big un, would be fairly easy to monitor network traffic and get login details. Then anyone could login and post random crap, it's clear from General this happens frequently.
Leave a comment:
Snarf replied

2 July 2017, 02:00
Im curious as to what benefit an SSL cert would bring to CUK?

Yeah, ok the traffic to the site would be encrypted, but its a public forum, any traffic (except your password when you log in) will most likely end up on a public forum anyway...
Leave a comment:
SimonMac replied

28 June 2017, 08:31
Originally posted by eek View Post

It's free with automated renewals at https://letsencrypt.org

However adding ssl would be broken due to all the unencrypted photos already linked to on this site so it's a can't see the point from me

Been using letsencrypt on http://camnomis.com/ for a while, seems to be god enough for most basic sites (ie nothing eComm) and most people expect to see a padlock etc. these days
Leave a comment:
eek replied

28 June 2017, 05:52
It's free with automated renewals at https://letsencrypt.org

However adding ssl would be pointless due to all the unencrypted photos already linked to on this site so it's a can't see the point from me

Last edited by eek; 28 June 2017, 08:42.
Leave a comment:
DimPrawn replied

27 June 2017, 21:30
Originally posted by Scratch It View Post

Could CUK get one please?

Costs £10

Not in Brexit Britain, we need it for soup kitchens.
Leave a comment:
Scratch It started a topic SSL Certificate

27 June 2017, 19:27
SSL Certificate

Could CUK get one please?
Tags: None