1

I have been looking at TLS recently, and I am unsure as to why it is so secure, but probably thanks to a misunderstanding of how it works. But if the entire handshake is recorded, either using a man in the middle attack or a packet sniffer on the target computer, then any of the remaining communication can be decrypted as you would have all the info that the client and the server used to generate the encryption keys.

I doubt there would be such a hole in tls, but could anyone tell me how tls defends against this?

topherg
  • 4,203
  • 4
  • 37
  • 72
  • A) http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Edition/dp/0471117099 but more importantly B) why do you think that you have the keys after sniffing the packets? – Edward Thomson Apr 04 '12 at 23:40
  • because all the keys are generated from the sent data, at least, thats what the specs say. the premaster key that is used to generate the master key is based on info that is all sent between the client and server during the handshake, but nice book, definitely worth a look – topherg Apr 04 '12 at 23:49
  • Aha - I understand the confusion - Mark's links should be a good read. – Edward Thomson Apr 05 '12 at 00:00

2 Answers2

3

The critical data sent by the client to the server in the TLS handshake is encrypted using the server's public key. So even if the packets are captured on the wire, it would require the private key (which is assumed to be known only to the server) to decrypt the packets.

user207421
  • 305,947
  • 44
  • 307
  • 483
Mark Wilkins
  • 40,729
  • 5
  • 57
  • 110
  • why does it require the private key if it is encrypted with the public key? – topherg Apr 04 '12 at 23:52
  • 2
    @cgoddard: Public key encryption is not symmetrical. If you encrypt something with the public key, then it can only be decrypted with the private key. The link I included discusses it some. – Mark Wilkins Apr 04 '12 at 23:56
  • ah, just been having a read of it atm, but certainly seems interesting, thanks guy – topherg Apr 04 '12 at 23:59
  • @cgoddard: One thing to note about this handshake: public key crypto tends to be more computationally expensive than symmetric crypto - this is why public key crypto is used at first, to exchange a key for the symmetric cryptography. – Edward Thomson Apr 05 '12 at 00:01
  • 2
    This depends on the key exchange algorithm. What you said works for RSA key exchange but not for DH(E) key exchange (also quite common). – Bruno May 03 '12 at 19:39
1

The main purpose of the handshake is to ensure the secret exchange of a pre master secret that is then shared by both parties (which then leads to a common master secret and shared encryption keys).

How this is done depends on the cipher suites, and which key exchange algorithm is used. Using authenticated key exchange, there are mainly two variants:

  • RSA key exchange, where the client encrypts the pre-master secret with the server's public key (obtained from the certificate).
  • Diffie-Hellman key exchange, where the client verifies the server's signed DH parameters with the server's public key.

You may be interested in these links:

Community
  • 1
  • 1
Bruno
  • 119,590
  • 31
  • 270
  • 376