If you implement SSL the wrong way then it can be insecure indeed, please notice the 'If'. To accomplish a successful SSL/TLS attack the one you are attacking needs to comply to quite some preconditions.

One of those preconditions is that you need to have an older browser for example since the new browsers don't fall for that trick anymore, also the hacker needs you to run malicious javascript that is coming from the exact HTTPS source (site) that they like to hijack the SSL session from, not very likely to occur. And as the last one please notice that you cannot access the DMT-Nexus with the old SSL 2.0!

And about your e-mail that you can see, that is stored in a database in a highly sophisticated encyrpted form. If you access a page that shows you your e-mail address then that encrypted e-mail address is send to another server, that other server decrypts the string containing the e-mail address and sends it back to the DMT-Nexus server so it can be shown to you.

If you take away the DMT-Nexus server or in any way temper with the security, several protection switches are in place to brake the connection to that external server immediately and forever. Without a connection to that external server you can't do a thing with the e-mail or IP addresses.

Here is an example of an encrypted e-mail address:


It is encrypted with AES, 256bit block size, special salting, multi round, and a random key of at least 200 characters long. Due to the special salting every e-mail address is encrypted in a different way. So even if they spend billions of years decypting one e-mail address another encrypted e-mail addresses takes again that long to decrypt.

And one question: Who are they in "Hopefully they simply don't keep logs of access, no need to encrypt them, just don't have them to start with."?

On the DMT-Nexus there is no logging of your browsing activity. The only things that are logged are:
* Date/Time of joining this site
* Encrypted e-mail address when you join the site (you can enter a fake one if you don't need to get updated with PM's and if it doesn't matter if you loose your password)
* Date/Time of last visit (needed for showing you the last topics)
* Encrypted IP address when you first sign up and when you make a post (needed for action against trolls).
* Date/Time of any post you make (again, we need that for active topics and to have a timeline for the topics)

Also for secure browsing, check this topic: How to secure your entire computer and surf completely anonymous


Kind regards,

The Traveler

Ah, I didn't realize you were the admin of the site, by they I meant whoever was hosting the site Thanks for the wonderful site/community.

Also, a lot of the times when they confiscate a server in a RAID they've likely done some heavy foot work. I don't know if the connection to the sever is through a reverse proxy with some random latency to prevent easy timing attacks. But realistically I don't see DMT-Nexus being under such heavy fire. Hopefully not at least I'll still say my choice is to not use an e-mail associated with anything about yourself.

If there is one thing trav takes most seriously it is protecting our members privacy from those who would try to invade our home. Thank you trav for your un yielding dedication to keeping us all safe and secure.