RSA is for authentication. DH key exchange is the way to go for
perfect forward secrecy. For non-DH exchange protocols, the RSA key
will be enough to read the server side of the connection (receive and
transmit).
-Kyle H
On 5/25/06, Sreeram Kandallu <[EMAIL PROTECTED]> wrote:
Thanks!
looks l
Hello,
> Is it possible to decrypt a recorded SSL session, if the attacker gains
> access to the RSA private keys at a later point in time?
If key_exchange was done with RSA and server RSA private key
was compromised ... without problem.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
Thanks!
looks like RSA+DH is the way to go for perfect forward secrecy!
Sreeram
signature.asc
Description: OpenPGP digital signature
Related note: you can explicitly request re-keying at any time, and
should do it periodically on long-term connections. That makes analysis
even more expensive since there's less data and less payoff.
Victor Duchovni wrote:
For all these ciphers the attacker has to brute force the symmetric k
Thats cool..they do have DH ...a quick look suggested a premaster
secret(randomly choosen). Dint seem like theres a DH exchange
Sudharsan
Sudharsan
On 5/25/06, Victor Duchovni <[EMAIL PROTECTED]> wrote:
On Fri, May 26, 2006 at 07:23:05AM +0530, Sreeram Kandallu wrote:
> Hi All
>
> Is it possi
I don't have the details at hand, but look at "perfect forward secrecy"
in "SSL and TLS", Rescorla.
Sreeram Kandallu wrote:
Hi All
Is it possible to decrypt a recorded SSL session, if the attacker gains
access to the RSA private keys at a later point in time? If yes, what
would be the best wa
On Fri, May 26, 2006 at 07:23:05AM +0530, Sreeram Kandallu wrote:
> Hi All
>
> Is it possible to decrypt a recorded SSL session, if the attacker gains
> access to the RSA private keys at a later point in time? If yes, what
> would be the best way to avoid this?
$ ciphers='kEDH:!aNULL:!LOW:!E
well..i took a quick look and the client chooses a premaster secret
and the various keys are a function of it..doesnt look like theres any
scope for a DH exchange..Maybe some of the experienced security pple
can help
Sudharsan
On 5/25/06, Sudharsan Rangarajan <[EMAIL PROTECTED]> wrote:
I must a
I must apologize for not being SSL specific..But it gives u a hint and
u can take a look at the SSL specs and see what they allow.
Sudharsan
On 5/25/06, Sudharsan Rangarajan <[EMAIL PROTECTED]> wrote:
Im not sure if SSL gives u such options, but the best way to prevent
compromise of a RSA key w
Im not sure if SSL gives u such options, but the best way to prevent
compromise of a RSA key would be to establish a diffie hellman key.
You would want to do a shared secret anyawy..and im sure SSL does
it..if the shared secret is computed using diffie hellman and nobody
gets hold of the exponents
10 matches
Mail list logo
