I am planning to take an SSL certificate implementing SHA256. How does SHA256 protect against active man-in-the-middle attacks?
Also, what does 256 mean in SHA256, when a certifying authority says 2048-bit encryption?
sha256 is a SHA-2 hash with a 256-bit output. It is currently considered a pretty secure hash.
A secure hash makes sure that a certificate can't easily be faked. A hash needs to be collision resistant. SHA-1 isn't really great anymore for this purpose (much like md5), because it has gotten too easy to create two certificates A and A' that hash to the same key. This allows an attacker to create a certificate for hisdomain.com, have it signed, and then transfer the signature to a fake certificate for, say, google.com. This presentation by Marc Stevens clarifies this method of attack.
In that sense SHA-2 protects against some forms of active MITM attack. However, there are many other factors in play: a hash is only a building block. Safe encryption algorithms and a proper algorithm are also needed.
The 2048 bit encryption refers to the key length used for the (probably) RSA key. This is the key that's actually used in the TLS communications.
See this article on the Mozilla wiki for recommendations on how to set up your servers securely.
The SHA256 hash, which is a hash that outputs 256 bits of very random-looking, collision-resistant information, is used to hash the document or some combination of items including the document. Then the 2048-bit RSA key is used to "encrypt" the hash.
The value of the hash in this respect is not crypto-related at all. It is simply the matter than a large document or other data can be hashed very quickly, and even a tiny change in the source data will yield a completely different hash. The RSA algorithm, which is very slow and is happy for something so small as a hash output to work with, is then used to "encrypt" the hash.
I put "encrypt" in quotes here because a digital signature is the same public / private keypair regime that public key crypto uses. Except with digital signing, the signer keeps the "encrypt" key and gives everyone else the "decrypt" key, whereas with public key encryption only one person has the decrypt key and many have the encrypt key.
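As an added example (not code from either answer above), the hash-then-sign construction described here and the signature-transfer point from the first answer, worked through with OpenSSL on a constructed stand-in for a certificate's to-be-signed body; the file names and the sample content are assumptions of this example:

```shell
#!/bin/sh
# Added example: build a CA-style signature from SHA-256 + RSA-2048 with OpenSSL
# and show that the RSA operation is applied to the 256-bit hash, not the document.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# Constructed stand-in for a certificate's to-be-signed body, plus a 2048-bit RSA "CA" key.
printf 'subject=example.com notAfter=2030-01-01\n' > tbs.txt
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key 2>/dev/null
openssl pkey -in ca.key -pubout -out ca.pub

# Step 1: hash the document with SHA-256 (fast, fixed 32-byte output).
sha256_of() { openssl dgst -sha256 -binary "$1"; }

# Step 2: RSA-sign only the 32-byte digest (PKCS#1 v1.5 wraps it in a DigestInfo first).
sign_digest() { openssl pkeyutl -sign -inkey ca.key -pkeyopt digest:sha256 -in "$1" -out "$2"; }

# The one-shot form does both steps at once; with PKCS#1 v1.5 both outputs are byte-identical.
sign_file() { openssl dgst -sha256 -sign ca.key -out "$2" "$1"; }

# Returns 0 when signature $2 verifies for file $1 under the CA public key.
verify_file() { openssl dgst -sha256 -verify ca.pub -signature "$2" "$1" >/dev/null 2>&1; }

# "Decrypt" the signature with the public key: the last 32 bytes of the recovered
# DigestInfo are the SHA-256 hash, which is why any document with the same hash
# would carry this signature unchanged (the collision risk the first answer describes).
recovered_hash() { openssl pkeyutl -verifyrecover -pubin -inkey ca.pub -in "$1" | tail -c 32; }

sha256_of tbs.txt > tbs.hash
sign_digest tbs.hash sig_two_step
sign_file tbs.txt sig_one_shot
cmp -s sig_one_shot sig_two_step && echo "hash-then-sign == one-shot sign"

# A one-character change gives a completely different hash, so the old signature fails.
sed 's/example.com/exampie.com/' tbs.txt > tampered.txt
verify_file tbs.txt sig_one_shot && echo "original: Verified OK"
verify_file tampered.txt sig_one_shot || echo "tampered: Verification Failure"
```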
The biggest weakness of asymmetric key systems is MITM. I implemented defenses against MITM attacks using SHA-2, asymmetric keys, SHA-2 authentication servers, and a unique serial (PUF) on each terminal.
In fact, this may be an internationally unpublished newspaper. If you read this article and notice it, I will give you a chance first.
I am bragging a bit, but I think this is an innovative way to solve most problems in cryptography. If you have any other comments, I would like to hear them first. If you have already answered the answer, I will answer it and give you an answer when you are sure that nobody knows in a few days. Before I make the answer, someone might have another new way. If there is another way, I would like to give him a chance to answer first.
I really think this is a breakthrough in modern cryptography. If my opinion is wrong, please point out a lot of people. I want to listen modestly.
A typical conventional MITM defense is too out of date. This method is strange. There is no big difference between sending symmetric keys to prevent MITM.