{"id":4181,"date":"2020-10-30T20:17:36","date_gmt":"2020-10-30T19:17:36","guid":{"rendered":"https:\/\/webhosting.de\/perfect-forward-secrecy-zukunftssichere-verschluesselung-fuer-webseiten\/"},"modified":"2020-10-30T20:17:36","modified_gmt":"2020-10-30T19:17:36","slug":"cryptage-futur-securise-parfaitement-avance-pour-les-sites-web","status":"publish","type":"post","link":"https:\/\/webhosting.de\/fr\/perfect-forward-secrecy-zukunftssichere-verschluesselung-fuer-webseiten\/","title":{"rendered":"Perfect Forward Secrecy: future-proof encryption for websites"},"content":{"rendered":"<p>The revelations of whistleblower Edward Snowden showed that the NSA collects <a href=\"https:\/\/webhosting.de\/fr\/personenbezogene-daten-sozialen-netzwerken\/\">data<\/a> en masse. Although it cannot decrypt some of that information today, this may become possible in the future. Webmasters can protect themselves and their visitors today against tomorrow's decryption.<\/p>\n<p>Edward Snowden showed the whole world that no data is safe from the intelligence services. They collect (as a precaution) all the information that comes their way. Some of this data is encrypted, for example over an HTTPS connection. This includes websites on which sensitive data is transmitted: buying a product, logging in to an e-mail account or using online banking. All of this data is intercepted, even though it is useless today. In a few years, the intelligence services will be able to decrypt it.<\/p>\n<h2>The vulnerability of HTTPS<\/h2>\n<p>What is Perfect Forward Secrecy, or PFS for short? 
To explain the term, we first need to explain how SSL encryption works, which is used on websites where sensitive data is transferred.<\/p>\n<p>When you visit our <a href=\"https:\/\/webhosting.de\/fr\/eine-eigene-webseite-fuer-ihr-unternehmen-ja-oder-nein\/\">website<\/a> hoster.online, a small padlock is visible in the web browser's address bar. Clicking the padlock opens information about the SSL certificate. A further click brings up details of the <a href=\"https:\/\/webhosting.de\/fr\/plesk-letsencrypt-zertifikat-erstellen\/\">certificate<\/a>, including, for example, its expiry date.<\/p>\n<p>SSL certificates can be used by practically any website. They differ in<\/p>\n<p>- their encryption<br \/>\n- whether they validate the domain or the identity and<br \/>\n- how broad their browser compatibility is.<\/p>\n<p>There are also three types of certificate:<\/p>\n<p>1. single<br \/>\n2. wildcard<br \/>\n3. multi-domain<\/p>\n<p>The SSL certificate works as follows: the user visits a website, for example hoster.online. The browser contacts the server, which presents a public key issued by the certificate authority. The browser verifies the certificate authority's signature. If it is correct, the browser exchanges data with hoster.online. From then on, all data is transmitted in encrypted form.<\/p>\n<h2>Perfect Forward Secrecy as protection against tomorrow's methods<\/h2>\n<p>For the encrypted transmission of an HTTPS session, the browser proposes a secret session key each time. 
The server confirms this key.<\/p>\n<p>The problem with this method is that intelligence services such as the NSA can record the transmission of the key. In the foreseeable future, it could become possible to decrypt it. That would allow them to read all the data transferred to hoster.online.<\/p>\n<p>HTTPS has had problems in the past. The \"Heartbleed\" bug, which has exposed websites to major security vulnerabilities since 2011, affected two out of three websites on the internet. Heartbleed was a programming error in the OpenSSL software. It allowed attackers connecting via HTTP to a server running a vulnerable version of OpenSSL to access 64 KB of private memory. The attack caused cookies, passwords and e-mail addresses to leak from servers. Major services such as Yahoo Mail and LastPass were affected.<\/p>\n<p>The solution for such scenarios is Perfect Forward Secrecy: with the so-called Diffie-Hellman method, the two communication partners - in this case the web browser and the server - agree on a temporary session key. It is not transmitted at any point. As soon as the session ends, the key is destroyed.<\/p>\n<h2>PFS in practice and in the future<\/h2>\n<p>Unfortunately, there are two pieces of bad news:<\/p>\n<p>1. few websites currently use PFS<br \/>\n2. 
all data exchanged so far can no longer be encrypted retroactively<\/p>\n<p>Nevertheless, websites should at least implement Perfect Forward Secrecy from now on, to ensure that no data can sooner or later be read despite the encryption.<\/p>\n<p>Ivan Ristic of Security Labs recommends the following suites for implementing PFS:<\/p>\n<p>- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA<br \/>\n- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA<br \/>\n- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA<\/p>\n<p>Webmasters can test their website at ssllabs.com and then decide on appropriate measures.<\/p>\n<p>Once Perfect Forward Secrecy is in place, services such as the NSA and the BND can read the data only by means of \"man-in-the-middle\" attacks. In all other cases, PFS will be a major thorn in the side of eavesdroppers.<\/p>","protected":false},"excerpt":{"rendered":"<p>The revelations of whistleblower Edward Snowden showed that the NSA collects data en masse. Although it cannot decrypt some of the information today, this might become possible in the future. Webmasters can protect themselves and their visitors today against decryption tomorrow. 
Edward Snowden showed the world that, from the intelligence services, no data [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":503,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_crdt_document":"","inline_featured_image":false,"footnotes":""},"categories":[673,794],"tags":[186,187],"class_list":["post-4181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer_und_internet","category-sicherheit-computer_und_internet","tag-perfect-forward-secrecy","tag-pfs"],"acf":[],"_links":{"self":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/posts\/4181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/comments?post=4181"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/posts\/4181\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/media\/503"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/media?parent=4181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/categories?post=4181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/tags?post=4181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}