SSL security with server certificate compromised
- From: "Gonzo" <gonzalo.diethelm@xxxxxxxxx>
- Date: 22 Dec 2006 04:06:33 -0800
Hello everyone,
This may be very obvious, but I would love to hear a clear explanation.
Let's say I configure a web server with HTTPS only. Then I issue a
couple of queries from a browser, while I sniff all the traffic out to
a file (even though is is encrypted). Finally, I hand you the sniffed
traffic AND the server certificate file (cert file, key file, even the
key phrase or password). Questions:
1. Can the sniffed traffic be decrypted, at least in theory, with all
the information in the scenario I am posing? My guess is "yes",
although I am not sure how to go about it.
2. If the traffic can be decrypted, is this a time consuming process,
or a pretty quick thing? Perhaps it is even trivially scriptable?
Thanks for any information and comments. Best regards.
Gonzalo Diethelm
.
- Follow-Ups:
- Prev by Date: Re: Any Free Anti-Virus software?
- Next by Date: Re: SSL security with server certificate compromised
- Previous by thread: Re: Any Free Anti-Virus software?
- Next by thread: Re: SSL security with server certificate compromised
- Index(es):
Relevant Pages
|
|
