Michael, et al..
the short answer is yes, SSL does use RSA keys.
However, these are not the keys used in the encryption and authentication of
client/server traffic. These asymmetric key pairs are used by the client and
server to securely exchange a smaller symmetric session key which is then
used to encrypt and authenticate traffic for the duration of one session.
FYI - most 3rd party certificate vendors (like Verisign) nowadays use 1024
bit or higher keys in their SSL certificates, which are used in generation
and exchange of the 40 or 128 bit (symmetric) session keys used to encrypt
and authenticate the client/server session. Breaking this level of
asymmetric encryption is considered by most experts impossible, and 128-bit
symmetric keys are so strong that they would, in theory, take a
trillion-trillion years to break.
HTH,
Boyd A. Carter
Technical Advisor
Check Point Software Technologies
"We Secure The Internet"
http://www.checkpoint.com
**Affiliation for association not representation**
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Friday, September 03, 1999 2:35 PM
> To: [EMAIL PROTECTED]
> Subject: Does SSL use RSA keys?
>
>
> To all that have a clue,
>
> Please help clarify two points. If this is a little off for this list,
> please excuse. I know you folks out there know the answers.
>
> Does SSL use RSA keys?
>
> In SSL, is the key generated each time a browser initiates a session?
> Or if someone has the "crack" for a certain key, can they then decrypt
> all messages coded with that key?
>
> What started all this? An article I read said that the 512 bit RSA
> encryption module had been cracked. The headline of the article said
> that "the standard used to encrypt financial transactions on the
> Internet is no longer secure."
>
> My impression was that the RSA keys are used in PGP and a lot of VPN
> networks, and that the SSL keys are not the same.
>
> Please clarify.
>
> Thanks,
> Michael Sorbera
> Webmaster
> Randolph-Brooks Federal Credit Union
>
> "In the land of the clueless, he who has half a clue is King!"
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
