Wireshark-dev: [Wireshark-dev] SSL decryption help needed


From: "prashanth s" <prbanglore@xxxxxxxxx>
Date: Tue, 5 Aug 2008 19:54:23 +0530

Hi all,

In SSL, by "encryption key", it means the secret shared that is calculated based on the random number generated and the master secret key?
In that case would it not be really difficult to get that key and hence to decrypt the SSL?

I am currently working on writing a decoder for SSL for an internal
server of our organization. Because it is an internal server we have access
to the private and the public keys of the certificate of the server.
I am interested in knowing whether it is not at all possible to decrypt
the SSL without using the brute force method. My requirement is that the
sniffer should act passively in the network between the client and the
server. And it should be able to decrypt the data without any kind of
man in the middle kind of attacks. Is this possible?
I see that the random numbers are exchanged between the client and the
server initially during the handshake only for preventing the replay
attacks. Thereafter the master secret key is generated by the client by
randomly generating a fresh random number. And then this master secret
key is encrypted. Hence is there no hope to decrypt the SSL?
We own the certificates and hence can know the private and public
keys of the certificates. Is this information not enough in calculating
the secret shared key?
Actually a company called "Unleash Networks" has come out with a product
that they claim is capable of decrypting SSL. How might they have done
it? By brute force method? Or is it possible to decrypt SSL?


Regards,
Prashanth