On Sun, 12 Jul 2015, Derek Balling wrote:
According to Slack, they use encryption. Do you have data contrary to this?
https://slack.com/security

"Encrypted Traffic by Default, in Both Directions
Slack uses 256-bit AES, supports TLS 1.2 for all of your messages,
and uses the ECDHE_RSA Key Exchange Algorithm. We monitor the security
community's output closely and work promptly to upgrade the service
to respond to new vulnerabilities as they are discovered."

So... IIRC (and I'm not a cryptographer) this boils down to:
"Your communications to/from the Slack server are encrypted"

There don't seem to be any guarantees about how they're avoiding MITM
attacks (one presumes that they're considering your login for Slack
sufficient), nor any information about what happens to your communications
once they get to the Slack server and beyond, prior to heading back in your
direction.

You're also trusting that their cert and cert chain are valid and as
described, not to mention that nothing untoward happens in their 'cloud'.

... or in other words, it's about the same degree of security that you'd
expect to see from most web-based apps these days.

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet. This is the defining metaphor of my life right now."
_______________________________________________
Discuss mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/