SSL/TLS passive sniffing
Anton Stiglic
astiglic at okiok.com
Thu Dec 2 21:33:36 EST 2004
>This sounds very confused. Certs are public. How would knowing a copy
>of the server cert help me to decrypt SSL traffic that I have intercepted?
I found a lot of people mistakenly use the term certificate to mean
something like a pkcs12 file containing public key certificate and private
key. Maybe it comes from crypto software sales people that oversimplify or
don't really understand the technology. I don't know, but it's a rant I
have.
>Now if I had a copy of the server's private key, that would help, but such
>private keys are supposed to be closely held.
>Or are you perhaps talking about some kind of active man-in-the-middle
>attack, perhaps exploiting DNS spoofing? It doesn't sound like it, since
>you mentioned passive sniffing.
I guess the threat would be something like an adversary getting access to a
web server, getting a hold of the private key (which in most cases is just
stored in a file; a lot of servers need to be bootable without intervention
as well, so there is a password somewhere in the clear that allows one to
unlock the private key), and then using it from a distance, say on a router
near the server where the adversary can sniff the connections. A malicious
ISP admin could pull off something like that, a law authority that wants to
read your messages, etc.
Is that a threat worth mentioning? Well, it might be. In any case,
forward-secrecy is what can protect us here. Half-certified (or fully
certified) ephemeral Diffie-Hellman provides us with that property.
Of course, if someone could get the private signature key, he could then do
a man-in-the-middle attack and decrypt all messages as well. It wouldn't
really be that much harder to pull off.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
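The forward-secrecy point in the post above, as an added toy illustration (not part of Anton's message or the list thread): a passive sniffer records a handshake, later obtains the server's long-term private key, and tries to recover the session key. With RSA key transport the recorded ClientKeyExchange decrypts directly; with ephemeral Diffie-Hellman the long-term key only signed the server's ephemeral value, and the exponents needed to compute g^ab were never on the wire. All key material is constructed here (textbook RSA with two small primes, DH modulo the Mersenne prime 2^61-1, generator 3, a SHA-256 stand-in for the TLS PRF) and is meant only to show the structure, never for real use.

```python
"""Toy model of RSA key transport vs. ephemeral DH under later key compromise.

Constructed parameters only: textbook RSA with small primes, DH over the
Mersenne prime 2^61-1, and SHA-256 in place of the TLS key-derivation PRF.
"""
import hashlib
import secrets
from dataclasses import dataclass

# Server's long-term RSA key (constructed; 1000003 and 1000033 are both prime).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, the sniffer's later prize

# DH group for the ephemeral exchange (constructed; tiny by real standards).
DH_P = (1 << 61) - 1
DH_G = 3


@dataclass
class Transcript:
    """Exactly what a passive sniffer on the wire gets to keep."""
    kind: str                 # "rsa" or "dhe"
    client_random: bytes
    server_random: bytes
    key_exchange: dict        # the ClientKeyExchange / ServerKeyExchange fields


def kdf(premaster: int, client_random: bytes, server_random: bytes) -> bytes:
    """Stand-in for the TLS master-secret/key-block derivation."""
    data = b"master" + premaster.to_bytes(16, "big") + client_random + server_random
    return hashlib.sha256(data).digest()


def rsa_sign(msg: bytes) -> int:
    """Textbook RSA signature (hash-then-exponentiate) with the long-term key."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return pow(h, D, N)


def rsa_verify(msg: bytes, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return pow(sig, E, N) == h


def rsa_handshake():
    """RSA key transport: client encrypts the premaster to the server's long-term key."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    premaster = secrets.randbelow(N - 2) + 2
    enc_premaster = pow(premaster, E, N)          # ClientKeyExchange, seen on the wire
    assert pow(enc_premaster, D, N) == premaster  # server recovers it with D
    session_key = kdf(premaster, cr, sr)
    return Transcript("rsa", cr, sr, {"enc_premaster": enc_premaster}), session_key


def dhe_handshake():
    """Ephemeral DH: the long-term key only signs the server's fresh g^b."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    b = secrets.randbelow(DH_P - 2) + 1           # server's ephemeral exponent
    g_b = pow(DH_G, b, DH_P)
    signed = cr + sr + g_b.to_bytes(8, "big")
    sig = rsa_sign(signed)                        # ServerKeyExchange signature
    assert rsa_verify(signed, sig)                # client checks it before continuing
    a = secrets.randbelow(DH_P - 2) + 1           # client's ephemeral exponent
    g_a = pow(DH_G, a, DH_P)
    shared = pow(g_b, a, DH_P)
    assert shared == pow(g_a, b, DH_P)            # both sides agree on g^ab
    session_key = kdf(shared, cr, sr)
    # a and b are discarded here; only g_a, g_b and sig were ever transmitted.
    return Transcript("dhe", cr, sr, {"g_a": g_a, "g_b": g_b, "sig": sig}), session_key


def passive_recover(t: Transcript, private_exponent: int = D):
    """What a sniffer holding the server's long-term private key can do later
    with a recorded handshake. Returns the session key, or None if the key
    does not help."""
    if t.kind == "rsa":
        premaster = pow(t.key_exchange["enc_premaster"], private_exponent, N)
        return kdf(premaster, t.client_random, t.server_random)
    # DHE: the private key only lets the sniffer re-check the signature, which
    # proves nothing new; computing g^ab from g^a and g^b needs a or b, and
    # neither was recorded. That is the forward-secrecy property.
    return None


if __name__ == "__main__":
    for handshake in (rsa_handshake, dhe_handshake):
        transcript, real_key = handshake()
        recovered = passive_recover(transcript)
        print(transcript.kind, "recovered" if recovered == real_key else "nothing")
```

The asymmetry is the whole point of the post: compromising the signing key still allows an active man-in-the-middle against future DHE sessions, but it does not retroactively expose sessions that were merely recorded, whereas with RSA key transport every recorded session falls at once.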