Re: MAC and SSL
- From: "xmath" <xmath.news@xxxxxxxxx>
- Date: 14 Feb 2007 04:26:59 -0800
On Feb 14, 1:07 pm, "Ron Ayoub" <ronalday...@xxxxxxxxx> wrote:
Then I see that MAC algorithms are used with SSL. But isn't
authentication of parties (in case of mutual authentication)
established during the initial key exchange? My view is that the MAC
algorithm must be used for "continued authentication"(+ integrity)
during the course of the symmetric session. Am I correct on this?
What use would authentication be if it wouldn't cover the actual
communications?
"Hi, I'm Alice!"
"Hi, I'm Bob!"
<silence>
My next question is, is the key for the MAC the same as
the established session key for encryption or is a second key for the
MAC negotiated during the initial key exchange?
You should always use separate keys for MAC and encryption unless
things have been specifically designed to allow the same key to be
used for both (or some integrated encryption+MAC system is used).
Both keys might be derived (via hashing or such) from a single shared
secret though.
And this is an off question that may sound dumb. My teacher has a
slide that indicates that SSL is only used for the transmission of a
credit card number. This can't be true.
?!?!?!
SSL (nowadays actually called TLS) is a generic protocol for
establishing secure connections over TCP. It's not only used by
websites but also more and more for mail and other protocols. And of
course there are many more reasons for a website to want to be secure
other than handling credit card transactions.
At most it's possible that credit card transactions were the original
motivation for SSL, though I have no idea if this is the case.
- xmath
.
- References:
- MAC and SSL
- From: Ron Ayoub
- MAC and SSL
- Prev by Date: Re: Shannon -- the stream cipher, that is
- Next by Date: Re: MAC and SSL
- Previous by thread: MAC and SSL
- Next by thread: Re: MAC and SSL
- Index(es):
Relevant Pages
|
