Doesn't security of SSL/TLS boil down to the 48-bit pre_master secret?

From: Peter Seibel (peter_at_gigamonkeys.com)
Date: 07/27/05


Date: Tue, 26 Jul 2005 22:52:59 GMT

I've been reading about SSL and TLS (including the TLS spec) and I
have one question: since all the keys used for encryption and MACs are
derived from the 48-bit pre_master secret (albeit salted with the
random numbers sent in the Hello messages), doesn't the security of
the data sent over a session ultimately rest on that secret? Thus if
Eve captures the whole session, and wants to see what data was sent
over it, doesn't she just have to try out 2^48 different
possibilities? Obviously she may not be able to do this while the
session is still live, but if the data communicated was worth knowing
after the fact, might it not be worthwhile? Or is there some reason
that trying to crack a session this way is less feasible than directly
attacking the keys generated from the pre_master secret?

-Peter

-- 
Peter Seibel           * peter@gigamonkeys.com
Gigamonkeys Consulting * http://www.gigamonkeys.com/
Practical Common Lisp  * http://www.gigamonkeys.com/book/

