Breaking TLS security by fully recording the handshake

Asked 4/4, 2012 at 23:36 Answered 3/5, 2012 at 19:37

Solved ssl packet-capture man-in-the-middle

I have been looking at TLS recently, and I am unsure as to why it is so secure, but probably thanks to a misunderstanding of how it works. But if the entire handshake is recorded, either using a man in the middle attack or a packet sniffer on the target computer, then any of the remaining communication can be decrypted as you would have all the info that the client and the server used to generate the encryption keys.

I doubt there would be such a hole in tls, but could anyone tell me how tls defends against this?

Woke answered 4/4, 2012 at 23:36 Comment(3)

A) amazon.com/Applied-Cryptography-Protocols-Algorithms-Edition/dp/… but more importantly B) why do you think that you have the keys after sniffing the packets? – Bollen 4/4, 2012 at 23:40

because all the keys are generated from the sent data, at least, thats what the specs say. the premaster key that is used to generate the master key is based on info that is all sent between the client and server during the handshake, but nice book, definitely worth a look – Woke 4/4, 2012 at 23:49

Aha - I understand the confusion - Mark's links should be a good read. – Bollen 5/4, 2012 at 0:0

The critical data sent by the client to the server in the TLS handshake is encrypted using the server's public key. So even if the packets are captured on the wire, it would require the private key (which is assumed to be known only to the server) to decrypt the packets.

Kempf answered 4/4, 2012 at 23:44 Comment(5)

why does it require the private key if it is encrypted with the public key? – Woke 4/4, 2012 at 23:52

@cgoddard: Public key encryption is not symmetrical. If you encrypt something with the public key, then it can only be decrypted with the private key. The link I included discusses it some. – Kempf 4/4, 2012 at 23:56

ah, just been having a read of it atm, but certainly seems interesting, thanks guy – Woke 4/4, 2012 at 23:59

@cgoddard: One thing to note about this handshake: public key crypto tends to be more computationally expensive than symmetric crypto - this is why public key crypto is used at first, to exchange a key for the symmetric cryptography. – Bollen 5/4, 2012 at 0:1

This depends on the key exchange algorithm. What you said works for RSA key exchange but not for DH(E) key exchange (also quite common). – Stroh 3/5, 2012 at 19:39

The main purpose of the handshake is to ensure the secret exchange of a pre master secret that is then shared by both parties (which then leads to a common master secret and shared encryption keys).

How this is done depends on the cipher suites, and which key exchange algorithm is used. Using authenticated key exchange, there are mainly two variants:

RSA key exchange, where the client encrypts the pre-master secret with the server's public key (obtained from the certificate).
Diffie-Hellman key exchange, where the client verifies the server's signed DH parameters with the server's public key.

Recommended topics

Hot tags