With a Kindle?
Most certainly yes, it has everything you need to check any web-site.
With the recent security breach at Equifax in the USA
(https://qz.com/1073002/equifax-breac...t-your-credit/),
there is an increased interest in on-line security used by web-sites.
(Or at least there certainly should be.)
Notices such as this:
Quote:
Secure Transaction:
For your protection, this website is secured with the highest level of SSL Certificate encryption.
are showing up on web pages everywhere you look.
But just because you read it on the site's web page, does that make it so?
Aren't they expecting you to believe the Wolf's statement on the security of the Hen House?
So how can you get a "second opinion"?
What you need is a copy of OpenSSL, version 1.0.0 or newer.
(and an Internet connection of course.)
If you have command line access * to your Kindle running 5.x series firmware, you have all that you need to check any web-site.
The version of OpenSSL installed on your Kindle:
Code:
[root@kindle us]# openssl version
WARNING: can't open config file: /usr/ssl/openssl.cnf
OpenSSL 1.0.1s 1 Mar 2016
(The warning message is not significant in the following usage.)
Where in the following I have written "$1" (in two places), use the full domain name (for example: www.mobileread.com):
Code:
knc1:~> openssl s_client -servername "$1" -connect "$1":443 </dev/null 2>/dev/null | openssl x509 -text
That will result in an output similar to the following (the first certificate is the server's certificate):
Code:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:62:d9:6c:75:14:c6:99:61:8a:3e:8d:f4:49:b7:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3
Validity
Not Before: Aug 2 00:00:00 2017 GMT
Not After : Jul 7 23:59:59 2018 GMT
Subject: C=US, ST=Georgia, L=Atlanta, O=Central Source LLC, OU=IT, CN=www.annualcreditreport.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:3b:4e:f3:8f:10:0d:4e:dc:f1:48:a4:ab:21:
89:4a:d7:c8:c8:dc:94:94:28:53:c6:98:5c:13:d4:
33:54:bf:c2:47:30:cd:03:56:d7:58:4c:ae:a3:40:
16:fb:bf:b2:d7:69:f5:90:b7:78:0a:7b:47:17:c1:
c8:66:11:ec:69:ae:7c:3a:57:83:34:8f:45:91:0c:
f9:76:be:8f:30:31:96:55:55:63:db:40:70:ea:fa:
92:7d:e0:5a:3e:b6:6a:dc:e6:f9:ec:b2:b6:8d:7c:
7f:36:02:d8:81:13:53:60:e8:c3:60:9f:78:27:a7:
40:a9:81:75:81:e9:4f:b2:05:9f:cf:8d:5f:9e:c6:
8b:99:4f:41:93:cf:7f:cb:f4:8c:50:ad:df:f3:9a:
4f:40:27:9d:0b:e4:f8:04:36:a3:d5:1a:8b:b5:9a:
91:84:0d:41:5e:aa:96:2f:3c:41:4d:2c:ec:66:0f:
04:6e:b6:bb:8b:68:73:d1:93:7d:5d:c8:ba:cc:9e:
87:14:7d:8a:1b:b6:d4:f6:9a:f8:2a:85:6e:5e:2f:
d3:b1:24:1d:55:0d:7e:b1:34:60:40:d6:04:b1:db:
81:fc:39:13:a6:f8:d6:05:51:4a:fc:01:87:25:09:
a1:26:a0:c4:17:1a:17:54:e2:12:37:33:10:fc:c0:
fb:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.annualcreditrep.com, DNS:ws.annualcreditreport.com, DNS:annualcreditreport.com, DNS:ws.annualcreditrep.com, DNS:www.annualcreditreport.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
Full Name:
URI:http://gn.symcb.com/gn.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: https://www.geotrust.com/resources/repository/legal
User Notice:
Explicit Text: https://www.geotrust.com/resources/repository/legal
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:D2:6F:F7:96:F4:85:3F:72:3C:30:7D:23:DA:85:78:9B:A3:7C:5A:7C
Authority Information Access:
OCSP - URI:http://gn.symcd.com
CA Issuers - URI:http://gn.symcb.com/gn.crt
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
Timestamp : Aug 2 18:35:05.602 2017 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:8A:15:FF:4C:E9:31:C3:94:B7:AF:8B:
AA:E7:96:6F:6B:DD:60:FE:82:37:EE:92:F3:3F:6E:E6:
9C:B1:B9:D5:AB:02:20:79:7D:99:26:7D:98:9B:04:EC:
4E:45:A3:B6:3F:14:9D:9D:DC:9B:7A:6E:F4:FF:42:86:
59:F8:B1:AF:28:37:0B
Signed Certificate Timestamp:
Version : v1(0)
Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
Timestamp : Aug 2 18:35:05.621 2017 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:3E:A8:D5:FD:05:F6:32:F7:CC:2A:9D:36:
DD:BC:36:50:9E:CC:D4:AF:F7:5E:1D:42:C6:31:D6:7C:
A5:9B:4F:89:02:20:7F:3C:9D:F8:9D:16:C0:2F:24:CE:
F4:D0:F7:E3:7A:4A:C6:C0:61:32:8B:BB:4A:3A:46:A6:
78:A9:CF:23:96:03
Signature Algorithm: sha256WithRSAEncryption
cb:36:e8:00:03:23:02:1d:cb:2e:39:6a:0e:c9:82:28:86:11:
81:5c:44:1d:60:32:9e:33:19:16:9f:41:a1:41:ea:84:8f:00:
82:2f:e4:22:20:b7:b4:be:1a:a4:a0:ae:a6:82:0b:74:7a:20:
a5:3f:e8:59:c3:8b:da:c0:6e:06:9e:c0:fe:8d:ab:31:43:18:
66:1b:be:5e:e0:88:56:46:e9:dc:5e:f7:8c:10:c9:7e:e1:1d:
17:4d:ac:26:c8:f5:a3:7f:57:9c:f0:57:d9:af:d4:87:c3:9a:
69:4f:ce:e9:3e:9b:5b:ee:78:de:71:f1:09:fd:9a:65:16:0e:
a7:a3:e8:70:53:2e:76:6d:1c:1f:96:59:0e:7f:25:7a:3a:11:
40:7d:93:22:c4:0f:27:55:7b:b2:71:b1:78:bc:11:18:8a:b2:
3b:af:ff:4b:6d:0c:78:b7:cf:7a:7b:35:9a:ef:25:76:78:c3:
7e:58:6f:10:d3:f8:fd:d1:3a:32:26:1d:68:90:83:10:67:d5:
2c:ad:7d:28:2f:ef:2f:61:3a:5c:8c:b6:d2:70:39:85:5a:81:
f7:d2:ef:43:b4:7f:af:8e:5a:33:07:3d:58:1a:11:ea:1e:51:
3d:93:ed:03:f2:2f:1b:b2:0d:06:4b:25:f3:11:9b:9d:13:78:
cb:61:c0:37
In this example, the following snippet is of interest:
Code:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Now for the bottom line on what the server had to say about the human readable claim:
2048 bit RSA encryption is NOT the "highest level of ..."; 2048 bits is the current minimum recommended RSA key length.
(It is probably the most widely used level currently (even by the government in public facing networks), but not "the highest level" - that is the exaggeration.)
And nothing about the communications channel can be any more secure than the weakest link.
Note 1:
I am not claiming that the web-site that 143 million people are being directed to is not secure.
I am claiming that even such a site has exaggerated claims of the security level(s) they practice for the user to read.
(*) "command line access" : Any, serial port, ssh, telnet, kTerm ...
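The manual check described in the post, as a small script. This is an added example, not part of the original post: it reads `openssl x509 -text` output, reports the key algorithm and size against the 2048-bit RSA minimum the post states, and goes one step further by checking that the host name appears in the Subject Alternative Name list. The function names (`key_info`, `rate_rsa_bits`, `san_covers`, `report`) are hypothetical, and the sample input is trimmed from the certificate dump shown above.

```shell
# Added example. MIN_RSA_BITS is the post's stated minimum recommended RSA key length.
MIN_RSA_BITS=2048

# Print "<algorithm> <bits>" from the Subject Public Key Info section on stdin.
key_info() {
    awk '/Public Key Algorithm:/ && !alg { alg = $NF }
         /Public-Key: \(/ && !bits { s = $0; sub(/.*\(/, "", s); sub(/ bit.*/, "", s); bits = s }
         END { if (alg && bits) print alg, bits; else exit 1 }'
}

# Rate an RSA key length against MIN_RSA_BITS.
rate_rsa_bits() {
    if [ "$1" -lt "$MIN_RSA_BITS" ]; then echo "below-minimum"
    elif [ "$1" -eq "$MIN_RSA_BITS" ]; then echo "minimum"
    else echo "above-minimum"; fi
}

# Succeed if host $1 is a DNS name in the Subject Alternative Name list
# (exact match, or a wildcard entry covering exactly one leading label).
san_covers() {
    awk -v host="$1" '/DNS:/ {
            n = split($0, names, /, */)
            for (i = 1; i <= n; i++) {
                name = names[i]; sub(/^[ \t]*DNS:/, "", name); sub(/[ \t\r]+$/, "", name)
                if (name == host) found = 1
                dot = index(host, ".")
                if (substr(name, 1, 2) == "*." && dot && substr(host, dot) == substr(name, 2)) found = 1
            }
         }
         END { exit !found }'
}

# report <host>: read `openssl x509 -text` output on stdin, print a one-line verdict.
report() {
    text=$(cat)
    info=$(printf '%s\n' "$text" | key_info) || { echo "no public key found"; return 1; }
    alg=${info% *}; bits=${info#* }
    if printf '%s\n' "$text" | san_covers "$1"; then san=listed; else san=not-listed; fi
    case $alg in
        rsaEncryption) echo "$alg $bits $(rate_rsa_bits "$bits") san=$san" ;;
        *) echo "$alg $bits unrated san=$san" ;;   # non-RSA sizes are not comparable to RSA bits
    esac
}

# Sample input: lines trimmed from the certificate dump shown in the post.
SAMPLE='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
            X509v3 Subject Alternative Name:
                DNS:ws.annualcreditreport.com, DNS:annualcreditreport.com, DNS:www.annualcreditreport.com
'
printf '%s' "$SAMPLE" | report www.annualcreditreport.com
```

Against a live site, pipe the post's command into it: `openssl s_client -servername "$1" -connect "$1":443 </dev/null 2>/dev/null | openssl x509 -text | report "$1"`.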