what if the hacker provided the public key for https connection? - eviltoast

So this video explains how https works. What I don’t get is what if a hacker in the middle pretended to be the server and provided me with the box and the public key. wouldn’t he be able to decrypt the message with his private key? I’m not a tech expert, but just curious and trying to learn.

  • zeluko@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    6 months ago

    Thats why we have HSTS and HSTS preloading, so the browser refuses to allow this (and disabling it is usually alot deeper to find than a simple button to “continue anyways”)

    • IHawkMike@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      In Chromium browsers you can simply type “thisisunsafe” to bypass even HSTS failures.