Anyone know of a website which implements AES?

**thorin** · 10-05-2007, 02:47 PM

I'm looking for a few websites which implement AES for their session encryption via HTTPS (SSLv3 or TLS), does anyone know of any?

**imported_blackfoot** · 10-05-2007, 04:40 PM

That's a really interesting question and I considered it for half-an-hour.

I cannot say I have a way of finding out. certainly most should have now enabled use because we were discussing adoption back in 2000 but as to find out which ones I don't know...apart from the obvious setting up an Apache box. All the new browsers should have it enabled.

I will think about it over the weekend. Apologies for not being able to point in the right direction yet, though I pretty much guess your resources are the same as mine.

**thorin** · 10-05-2007, 05:43 PM

I'm pretty sure you used to be able to tell in Firefox if you hovered over or double clicked the little Lock icon in the status bar.

Edit: Found one, ThinkGeek uses AES-256

Hmmm the forums resized it to height=280 so it's hard to read, if you zoom you'll be able to see.

**imported_blackfoot** · 10-05-2007, 05:59 PM

Oh well done.

That is interesting...so...next step? Can I help?

**thorin** · 10-05-2007, 07:07 PM

I'm just hunting for a few more.

The reasoning is pretty un-exciting (SORRY!) I'm just trying to gather some amunition for an argument/debate with collegues that I know is going to happen next week

**imported_blackfoot** · 10-05-2007, 07:21 PM

Excitement is not a priority.

I will look over the weekend.

The ones I considered so far all stick with original certificates either RSA or DSA

Regards
C

**elazar** · 10-08-2007, 02:00 AM

ASP.NET(specifically version 2) supports AES for state management(viewstate), though it would be impossible to tell by looking at the page, you would need to see the web.config of the site in question. See http://msdn2.microsoft.com/en-us/library/ms998288.aspx

E

**imported_wyze** · 11-02-2007, 11:55 PM

I've implemented it on my personal webserver... pretty e-z to do:

openssl genrsa -aes256 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key
chmod 400 server.csr
chmod 400 server.crt
chmod 400 server.key
chmod 400 server.key.secure

The mv them into the proper apache/httpd directories

**thorin** · 11-05-2007, 04:22 PM

Thanks swc666

**imported_wyze** · 11-11-2007, 11:38 AM

Originally Posted by thorin

Thanks swc666

Any time thorin: my brain is Open Source

BackTrack Linux - Penetration Testing Distribution

Thread: Anyone know of a website which implements AES?

Thread Tools

Search Thread

Display

Anyone know of a website which implements AES?

interesting

oh yes

ok

Posting Permissions