Re: Exchanging simmetric key


gino.fagiolino@xxxxxxxx wrote:
Why?
The server requires user authentication before going on (thus the need
for the client to send user and password in an encrypted way).

Upon reception of the first message from the server, the client is
authenticated, and both will use the common simmetric key for faster
encryption on chat messages - insted of using each other public key.


The purpose of the message must be something other than transporting
its content. What is that purpose?

The client already knows the secret (the simmetric key), but no one
sniffing in the channel would get is as long as he doesn't know the
server's private key.
Or should I make the server choose that key???

Why is the last part necessary at all? At that point, both client and
server have knowledge of the symmetric key. The encryption with the
client's public key is unnecessary. Why don't you just begin
communications with the symmetric key since both parties know it?

.