Re: How secure is SSL?
From: Barry Margolin (barry.margolin@level3.com)
Date: 02/27/03
- Next message: Don Jenkins: "Re: REVIEW: "WiFi Security", Stewart S. Miller"
- Previous message: Vojislav Ristivojevic: "Re: Cain Algorithm"
- In reply to: Michael D. Kirkpatrick: "How secure is SSL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Barry Margolin <barry.margolin@level3.com> Date: Thu, 27 Feb 2003 22:49:14 GMT
In article <3E5E91C7.9ACBFCB3@psychodad.com>,
Michael D. Kirkpatrick <wizard@psychodad.com> wrote:
>*** post for FREE via your newsreader at post.newsfeed.com ***
>
>I have recently stumbled acrost the following site:
>
>http://www.rtfm.com/ssldump/
>
>After looking at it, I don't have the expertise to implement such a
>program. It appears to me that someone out there has written a program
>that can sniff and decode SSL packets. So I must ask, "how secure is
>SSL?" Can this program actually be used to watch traffic and extract
>pieces of information that are encrypted?
That web page says in the first paragraph "If provided with the appropriate
keying material, it will also decrypt the connections and display the
application data traffic." So it can't figure out the decryption keys by
itself.
Without that critical piece of data, it will just decode the SSL protocol
fields (e.g. certificate info), but not the encrypted payload.
-- Barry Margolin, barry.margolin@level3.com Genuity Managed Services, Woburn, MA *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups. Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
- Next message: Don Jenkins: "Re: REVIEW: "WiFi Security", Stewart S. Miller"
- Previous message: Vojislav Ristivojevic: "Re: Cain Algorithm"
- In reply to: Michael D. Kirkpatrick: "How secure is SSL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
