AOL AIM and the lock icon

[glen]

There seem to be multiple ways to get a cert for your AIM, but some are better than others. Who here posted the original thread about this? I can nto find it searching on AIM or lock or AIM and LOck.

 

[guyver01]

http://www.aimencrypt.com/

 

[RagingBITCH]

^

That's where I got mine from

 

[Codewiz]

Originally posted by: guyver01
http://www.aimencrypt.com/

Last time I checked, using that service everyone ends up using the exact same certificate. Kind of defeats part of the purpose.

 

[zimu]

Originally posted by: Codewiz

Originally posted by: guyver01
http://www.aimencrypt.com/

Last time I checked, using that service everyone ends up using the exact same certificate. Kind of defeats part of the purpose.

acutlaly, does it?
the website says that to have an encrypted conversation, BOTH PARTIES must have the certificate.
"Q. My friend doesn't have a security certificate are our conversations encrypted?
A. Simply put, no. Both users must be running AIM v5.2+ and have security certificates."

HENCE, if everyone has the same certificate, ALL THE BETTER! more compatibility!

 

[Aves]

Originally posted by: zimu
HENCE, if everyone has the same certificate, ALL THE BETTER! more compatibility!

If everyone has the same certificate then everyone can decrypt any messages that were encrypted with it.

 

[RagingBITCH]

Originally posted by: zimu

Originally posted by: Codewiz

Originally posted by: guyver01
http://www.aimencrypt.com/

Last time I checked, using that service everyone ends up using the exact same certificate. Kind of defeats part of the purpose.

acutlaly, does it?
the website says that to have an encrypted conversation, BOTH PARTIES must have the certificate.
"Q. My friend doesn't have a security certificate are our conversations encrypted?
A. Simply put, no. Both users must be running AIM v5.2+ and have security certificates."

HENCE, if everyone has the same certificate, ALL THE BETTER! more compatibility!

What are you talking about?

 

[EyeMWing]

Google for Thawte freemail. Give them some fake personal ID info (It doesn't even have to LOOK real - my SSN is apparently "PLZKTHXBYE") and b00m, instant security certificate.

 

[zimu]

Originally posted by: aves2k

Originally posted by: zimu
HENCE, if everyone has the same certificate, ALL THE BETTER! more compatibility!

If everyone has the same certificate then everyone can decrypt any messages that were encrypted with it.

well... thats the point. since its IM, i'd send someone an IM and since they have the same certificate they can accept the key to the security certificate from my end and we can have an encrypted conversation.

BUT, an outsider who's trying to "hack" the IM, can't just hack it because he has my certificate- he'd need the key to the certificate to decrypt the IMs. and the only person i send that key to is to the user I just immed.

 

[EyeMWing]

Originally posted by: zimu

Originally posted by: aves2k

Originally posted by: zimu
HENCE, if everyone has the same certificate, ALL THE BETTER! more compatibility!

If everyone has the same certificate then everyone can decrypt any messages that were encrypted with it.

well... thats the point. since its IM, i'd send someone an IM and since they have the same certificate they can accept the key to the security certificate from my end and we can have an encrypted conversation.

BUT, an outsider who's trying to "hack" the IM, can't just hack it because he has my certificate- he'd need the key to the certificate to decrypt the IMs. and the only person i send that key to is to the user I just immed.

AIM works this by decrypting your message at their server and switching it to their security certificate. Definitely not secure, since you send their server the certificate. When you're directly connected, it actually sends the other user your security certificate (assuming they have one).

 

[zimu]

Originally posted by: EyeMWing

Originally posted by: zimu

Originally posted by: aves2k

Originally posted by: zimu
HENCE, if everyone has the same certificate, ALL THE BETTER! more compatibility!

If everyone has the same certificate then everyone can decrypt any messages that were encrypted with it.

well... thats the point. since its IM, i'd send someone an IM and since they have the same certificate they can accept the key to the security certificate from my end and we can have an encrypted conversation.

BUT, an outsider who's trying to "hack" the IM, can't just hack it because he has my certificate- he'd need the key to the certificate to decrypt the IMs. and the only person i send that key to is to the user I just immed.

AIM works this by decrypting your message at their server and switching it to their security certificate. Definitely not secure, since you send their server the certificate. When you're directly connected, it actually sends the other user your security certificate (assuming they have one).

hmm. thats a good point, i hadn't thought of that.

but then, how come when you sometimes have a conversation with a person with a certificate and you're not directly connected it'll ask you whether you want to accept the certificate?