Re: SSL questions

From: Punkroy (PunkroyREMOVETHIS@DrQue.net)
Date: 02/27/03



The question of compromised certificate

> > And my last question, which I just want to verify; if my server
> > certificate is compromised, is it possible to reconstruct encrypted
> > sessions? That is, if you have the private key from the server's
> > certificate, can you go back and decipher encrypted sessions? I know
> > this sounds like a question where the answer should obviously be "no",
> > but unless it's stated as such, you just can't help but to wonder.
> [...]
>
> Sorry, if your private key is compromised, you lose. Any transactions
> for which all the network traffic was captured by an eavesdropper can
> be decrypted by someone with knowledge of your private key. Think of
> it this way - the attacker knows all the information you (the server)
> knew about the session when the session was set up, so he can do all
> the things that your server did - in particular, generating the
> symmetric keys used to encrypt and decrypt all the messages.
>
   So that I am clear in what many seem to be saying: If anyone
compromises the server certificate, all communications that used that
certificate CAN be decoded. Is that correct?
   If so, am I the only one who feels that is a rather large open door
for all those e-commerce sites? A disgruntled employee gets access to
the server certificate and could decrypt any session that certificate
was used for?
   Okay, but the certificate still has a password on the private key,
right? But I've read a server certificate can be stored without the
private key encrypted. In the setup I did, I read about this option
so you didn't have to enter a password when the webserver first
started. Anyone have an idea of how many admins don't encrypt the
certificate private key?

   For some reason, I had always thought the certificate was used only
for authentication and that both the server and client would generate
a temporary key set used to encrypt traffic only for that session.
After the session was complete, the key sets were discarded and the
data they sent back cannot be decrypted by anyone-- including the
original sender and receiver (less bruteforce attack on session key,
factoring public key, etc.). If that is not the case, why? I thought
about the possibility of speed being an issue-- but the client has to
generate a keyset. True, the server might be doing hundreds of
connections at once, but is the trade off really worth the risk? Is
there a system like the one I've outlined above already in SSL? If
so, please give me a link-- that is what I am interested in using.

   Since I am on the subject of server certificates, I might as well
ask this question as well: Does the root authority who signs a server
certificate ever get the private key? It seems this question should
also be a "no" answer, but after learning more about certificates from
this thread, I'm not sure I trust anything done by SSL.

Thank you all, this has been a very informative post thus far!

Punkroy -:(
Oi!

Me--> http://DrQue.net/Punkroy/
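
An added illustration, not part of the original post or thread: it contrasts the two designs discussed above, key transport under the certificate's key (as the quoted reply describes) and the poster's throwaway per-session key set, modelled here with ephemeral Diffie-Hellman. The toy number sizes, the hash-based key derivation and all function names are assumptions made for the example.

```python
import hashlib
import secrets

# Toy parameters (constructed for this example, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1            # server's long-term RSA primes
N, E = P * Q, 65537                    # public key carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent kept on the server
DH_P, DH_G = 2**127 - 1, 3             # toy Diffie-Hellman group

def kdf(secret: int) -> bytes:
    """Session key derived from the shared secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def gb_digest(gb: int) -> int:
    """Hash of the server's ephemeral public value, reduced for toy RSA."""
    return int.from_bytes(hashlib.sha256(gb.to_bytes(16, "big")).digest(), "big") % N

def rsa_key_transport():
    """Client encrypts a fresh secret to the certificate's public key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_premaster": pow(premaster, E, N)}    # what a recorder sees
    return wire, kdf(premaster)

def ephemeral_dh():
    """Both sides use throwaway DH keys; the certificate key only signs."""
    a = secrets.randbelow(DH_P - 3) + 2    # client ephemeral, discarded after use
    b = secrets.randbelow(DH_P - 3) + 2    # server ephemeral, discarded after use
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"ga": ga, "gb": gb, "sig": pow(gb_digest(gb), D, N)}
    return wire, kdf(pow(ga, b, DH_P))

def signature_ok(wire: dict) -> bool:
    """Authentication check done with the public key only."""
    return pow(wire["sig"], E, N) == gb_digest(wire["gb"])

def recover_with_private_key(wire: dict, d: int):
    """What recorded traffic plus the long-term private key yields later."""
    if "encrypted_premaster" in wire:
        return kdf(pow(wire["encrypted_premaster"], d, N))  # the session key itself
    # DH record: d only makes or checks the signature; the key needs a or b,
    # which were never sent and no longer exist.
    return None
```
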


