Timeline for How does non-ephemeral Diffie-Hellman key exchange become compromised in SSL when the RSA private key is leaked?
Current License: CC BY-SA 3.0
12 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 21, 2020 at 13:27 | answer | added | Maxim Masiutin | timeline score: 0 | |
| Mar 9, 2014 at 4:34 | answer | added | Babu Srinivasan | timeline score: 4 | |
| Jun 28, 2013 at 16:30 | vote | accept | Polynomial | ||
| Jun 28, 2013 at 16:28 | answer | added | Tom Leek | timeline score: 25 | |
| Jun 24, 2013 at 9:30 | comment | added | Adi | @Polynomial I believe there's a miscommunication here. In any case, my information about this specific bit are coming from the answers on the grand SSL question and a great article by Vincent Bernat. The article actually explains exactly how the attack happens and why DHE/EDH is immune to the attack (the paragraph titled "Diffie-Hellman with discrete logarithm") | |
| Jun 24, 2013 at 8:40 | comment | added | Polynomial | @Adnan Yes, but I'm asking what the specific difference is. Saying "you just capture the data" doesn't tell me the mechanism by which the secret is revealed, nor does it explain why DHE is immune to the same attack. I'm also interested in what benefit the non-ephemeral DH provides over plain RSA, since I don't see any. | |
| Jun 23, 2013 at 19:40 | comment | added | Adi | @Polynomial But as far as I can see, you're asking about non-ephemeral DH. "How does this decryption of non-ephemeral Diffie-Hellman key exchange work in this context?" also the title "How does non-ephemeral Diffie-Hellman key exchange become compromised in SSL when the RSA private key is leaked?" | |
| Jun 23, 2013 at 15:42 | comment | added | Polynomial | @Adnan The difference is that DH ephemeral doesn't work that way. If you can observe the exchange data (e.g. through getting the private key at a later date), you still can't decrypt it. You have to have the key at the time and do a MitM attack, to learn the private exchange value of DHE. | |
| Jun 22, 2013 at 21:49 | comment | added | Adi | I'm not exactly sure what you're asking,I've probably misunderstood the question but as far as the first part goes, if you have all the traffic logged, you have everything. You look for the handshake, decrypt the pre-master with the private key, together with the random bits sent in plaintext with the Hello messages you can derive the master key. Using the master key you can now decrypt the traffic of previously sessions. | |
| Jun 21, 2013 at 17:09 | history | tweeted | twitter.com/#!/StackSecurity/status/348125468416954369 | ||
| Jun 20, 2013 at 19:35 | comment | added | CodesInChaos | I didn't look deeply into useless suites like fixed DH, but I think fixed-DH simply uses a signed DH key instead of an RSA key and thus has the essentially the same security properties. | |
| Jun 20, 2013 at 19:10 | history | asked | Polynomial | CC BY-SA 3.0 |