question about SSL

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

question about SSL

Post by ratcateme on Fri Jan 30, 2009 12:36 am
([msg=17082]see question about SSL[/msg])

right what i was thinking is when you packet sniff some SSL packets in wireshark say HTTPS packets you cannot view them it needs the server ssl key thing right.
but what i dont understand is say that wireshark had all the packets then surely in the setup the server had to tell the client how it was going to encode data and how the client should encode data to send back.
and with that knowledge surely wireshark could decipher the transfer to plain text?
i guess i am missing something here could someone fill me in please?

Scott.
ratcateme
New User
New User
 
Posts: 4
Joined: Wed Apr 23, 2008 9:31 pm
Blog: View Blog (0)


Re: question about SSL

Post by sidebottom on Fri Jan 30, 2009 6:02 pm
([msg=17132]see Re: question about SSL[/msg])

That's the beauty of public key encryption! The whole idea is that you create two keys, a public one that you give out to others and a private one that you keep secret to yourself. Anyone can encrypt data your public key but cannot decrypt it without the private key.

So basically, in SSL you grab the servers public key from them, ask a trusted 3rd party (a certificate authority like Verisign) if that key really belongs to the server who gave it to you and then you encrypt a symmetric cipher key with it. You then send the encrypted key to the server (in theory, the only one that can decrypt it). Now you securely share a symmetric key with the server.

Check out http://en.wikipedia.org/wiki/RSA for more information.
sidebottom
Poster
Poster
 
Posts: 104
Joined: Fri Nov 21, 2008 12:09 am
Blog: View Blog (0)


Re: question about SSL

Post by ratcateme on Sat Feb 07, 2009 3:42 am
([msg=17499]see Re: question about SSL[/msg])

thanks man i had read some wikipedia stuff on it but never really understood that article helped a lot thanks

Scott.
ratcateme
New User
New User
 
Posts: 4
Joined: Wed Apr 23, 2008 9:31 pm
Blog: View Blog (0)



Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests