Jump to content

SSL weakness

adithyay328
By adithyay328
in Networking
 Share
Go to solution Solved by DXMember,

the keys sent are encrypted

maybe you want to read up on public key encryption, also Heartbleed

Posted

Hello there! So, I have a burning question. I understand that keys are exchanged when an SSL connection is created, but is there a mechanism for stopping a hacker from stealing the keys when they're initially sent(like, at the start of the connection)? Because, if a hacker knows your IP, they could just wait for you to start a connection, take the keys, then decrypt everything you're doing! Is there a mechanism to stop this? Thanks!

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Solution

the keys sent are encrypted

maybe you want to read up on public key encryption, also Heartbleed

CPU: Intel i7 5820K @ 4.20 GHz | MotherboardMSI X99S SLI PLUS | RAM: Corsair LPX 16GB DDR4 @ 2666MHz | GPU: Sapphire R9 Fury (x2 CrossFire)
Storage: Samsung 950Pro 512GB // OCZ Vector150 240GB // Seagate 1TB | PSU: Seasonic 1050 Snow Silent | Case: NZXT H440 | Cooling: Nepton 240M
FireStrike // Extreme // Ultra // 8K // 16K

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
1 minute ago, DXMember said:

the keys sent are encrypted

Well, how does the other end decrypt the keys. Do they send another set of keys, or what?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 minute ago, adithyay328 said:

Well, how does the other end decrypt the keys. Do they send another set of keys, or what?

read the reply again, I edited it (:

CPU: Intel i7 5820K @ 4.20 GHz | MotherboardMSI X99S SLI PLUS | RAM: Corsair LPX 16GB DDR4 @ 2666MHz | GPU: Sapphire R9 Fury (x2 CrossFire)
Storage: Samsung 950Pro 512GB // OCZ Vector150 240GB // Seagate 1TB | PSU: Seasonic 1050 Snow Silent | Case: NZXT H440 | Cooling: Nepton 240M
FireStrike // Extreme // Ultra // 8K // 16K

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

 

1 minute ago, DXMember said:

read the reply again, I edited it (:

Ok, will look at it

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
5 minutes ago, DXMember said:

read the reply again, I edited it (:

OMG, I'M SO DUMB. I get it know! Thank you so much!

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 minute ago, adithyay328 said:

OMG, I'M SO DUMB. I get it know! Thank you so much!

(:

CPU: Intel i7 5820K @ 4.20 GHz | MotherboardMSI X99S SLI PLUS | RAM: Corsair LPX 16GB DDR4 @ 2666MHz | GPU: Sapphire R9 Fury (x2 CrossFire)
Storage: Samsung 950Pro 512GB // OCZ Vector150 240GB // Seagate 1TB | PSU: Seasonic 1050 Snow Silent | Case: NZXT H440 | Cooling: Nepton 240M
FireStrike // Extreme // Ultra // 8K // 16K

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
8 hours ago, adithyay328 said:

Hello there! So, I have a burning question. I understand that keys are exchanged when an SSL connection is created, but is there a mechanism for stopping a hacker from stealing the keys when they're initially sent(like, at the start of the connection)? Because, if a hacker knows your IP, they could just wait for you to start a connection, take the keys, then decrypt everything you're doing! Is there a mechanism to stop this? Thanks!

Well basically private keys are never shared, only public keys are exchanged.

 

Think;

Private Key, My key, no one else can have it, this is used to decrypt messages that have been encrypted with my public key

Public Key, I give this out to everyone so they can communicate to me securely. This key cannot decrypt a message it has encrypted, only the private key can do this.

 

See: Asymmetric Cryptography

Essentially, public key encrypts, private key decrypts. Public key CANNOT decrypt and private key CANNOT encrypt. It goes in one direction and one direction only.

 

Also, Heartbleed was mentioned in an above response but that was not an attack on the encryption itself, more of a bug with blocks of nul-data being sent. Not something I would suggest looking into if you want to learn about SSL.

 

Edit: I am aware symmetric cryptography is also used to encrypt the data, however this is the exchange that occurs only after the asymmetric or "public" cartographic pairs have been exchanged. The "secret sauce" of SSL/TLS, is the asymmetric key exchange, which keeps the symmetric key safe.

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×