Uh, that's mostly right. My understanding is as follows:
DISCLAIMER: This is long, Off Topic, probably inaccurate and employs
frequent use of sarcasm. Feel free to hit your delete key now.
The Cast:
Client - Armed with the latest major browser and their knowledge that they
are at the bleeding edge of technology, wants to do s00per sec00r web stuff.
Bank - Ready and willing to oblige, and is armed with an SSL server, a 2048
bit RSA keypair and a temporary 512 bit RSA keypair which was generated last
time it restarted. Hopefully a new 512 bit RSA key will be generated often,
since RSA recommends a minimum of 768-bit. Note that this is only a
recommendation that applies to The Good Guys (US residents) whereas the rest
of us Apple Pie Hating Commie Scum should think ourselves lucky that we have
512 bit instead of Uncle Sam camping in our underpants and watching our
every move like we deserve.
Act I - Key Exchange
Client: "Yo, www.bank.com - gimme some o' that secure action"
Bank: "Sho 'nuff. Here are the encryption sets I know."
<Client> Generates 48 bytes of white noise
Client: "OK, here's my white noise. I'm unfortunate enough to live in
AUSTRALIA, which must be some kind of HOSTILE STATE and I'm not ALLOWED to
have your REALLY SMRT STRONG CRYPTO so I'll just encrypt it with your tiny
512 bit key."
US Government: (Chilling laugh in the manner of Stalin upon contemplating
Russia)
We pause as the client and the bank both do computer stuff to the white
noise. They'll throw in some stuff like the session id etc. When they're
done, they will have both generated a "Master Key". These Master Keys are
the same, but they have never been transmitted over the wire. From these
master keys, both ends generate some other keys. Different keys are used for
reading and writing, so there is actually more than one symmetric key that
will be generated here. Since our hapless Client is stuck in AUSTRALIA, they
will only be able to use a PATHETIC 40 bit key, which stands up to
cryptanalysis like fairy floss stands up to a blowtorch.
Next, optionally, we have this:
Bank: Ok, buddy. So how do I know that you're really Client and not actually
an Evil Hacker intent on gorging yourself on the tender electronic bucks
stored in my underbelly? Show me your X.509 certificate...
Client: Here. Ask BigCA about me - I'm the real deal.
Bank: Hmmm...well, the certificate checks out. Welcome to ExtortionBank -
Bank of the Future!
Act II - 'secure' transaction
Now, during the 30 seconds before the hackers, who are clustered around this
exchange like acne-ridden vultures, crack the 40 bit keys, Client tries to
get all their banking done. Any data that is sent back and forth is
encrypted with ROT-13^H^H^H^H^H^H the 40 bit keys - no data is encrypted
with the RSA stuff.
Note that at the moment we have a SESSION. If Client opens another window,
has a machine crash, goes for lunch, etc, they can come back to this session
(as long as the Bank doesn't expire it) and pick up where they left off,
without doing the key exchange thang. Recommendations are probably for
around 24 hours, which gives the hackers 23 hours and 54 minutes of free
range with the cracked 40 bit keys. Of course if the session is actually
closed by the client, it's gone much sooner.
Once this session closes, all those sickly 40 bit keys are discarded, never
to be used again.
So, we can see that:
Should the session keys be broken, it's not that much of a big deal,
provided that your session doesn't go on for more than the 2.3 seconds it
takes to break 40 bit DES.
Should the 512 bit RSA key be factored, it's bad if and only if Bad Guys are
watching the wire at the time the pre-master-secret is exchanged. It's also
pretty unlikely, since the latest effort took A Goodly Time (tm).
Should the 2048 bit RSA key be factored, we'll all be VERY SURPRISED.
US export laws for encryption suck.
Thank you for your time.
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
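The derivation steps Ben walks through in Act I and Act II (48-byte pre-master secret, a master key that both ends compute but never send, separate read/write keys, and the export step that leaves only 40 bits of secret) are shown below as an added worked example; it is not code from the original post or from any product mentioned in it. It assumes the TLS 1.0 (RFC 2246) PRF and key expansion as the concrete instantiation (SSL 3.0 differs in the hash construction but not in the shape of the flow), uses the parameters of TLS_RSA_EXPORT_WITH_RC4_40_MD5 versus TLS_RSA_WITH_RC4_128_MD5, and uses constructed Hello randoms and pre-master secret so that the run is deterministic. The RSA encryption of the pre-master secret is not modelled; both ends are simply handed the same value.

```python
import hmac

# Constructed handshake inputs (not captured traffic) so the run is deterministic.
# Real Hello randoms are 32 fresh bytes per side; the pre-master secret is the
# client's 2 version bytes (3.1 = TLS 1.0) plus 46 random bytes: the "48 bytes of
# white noise" above. The RSA transport of PRE_MASTER to the bank is not modelled.
CLIENT_RANDOM = bytes(range(0, 32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x01" + bytes(range(100, 146))


def _p_hash(hash_name, secret, seed, length):
    """P_<hash> from RFC 2246 section 5: HMAC chain expanding `seed` to `length` bytes."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XORed with P_SHA1 over
    the second half (the halves share one byte when the secret length is odd)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = _p_hash("md5", s1, label + seed, length)
    sha1_part = _p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def derive_master_secret(pre_master, client_random, server_random):
    """48-byte master secret; computed independently on both ends, never sent."""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    """Split the key expansion output into six directional secrets (RFC 2246 6.3).
    Note the seed order here is server_random + client_random."""
    total = 2 * (mac_len + key_len + iv_len)
    block = tls10_prf(master, b"key expansion", server_random + client_random, total)
    layout = [("client_write_mac", mac_len), ("server_write_mac", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_iv", iv_len), ("server_write_iv", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def expand_export_key(short_key, label, client_random, server_random, expanded_len):
    """RFC 2246 6.3.1: an exportable cipher keeps only key_len bytes of secret per
    direction (5 bytes = 40 bits for RC4_40) and stretches them to the cipher's
    full key size with public data, so the stretched key has no extra entropy."""
    return tls10_prf(short_key, label, client_random + server_random, expanded_len)


def run_handshake(export):
    """Derive the session keys as both ends would. Parameters are those of
    TLS_RSA_EXPORT_WITH_RC4_40_MD5 (export) or TLS_RSA_WITH_RC4_128_MD5."""
    mac_len, iv_len, rc4_key_len = 16, 0, 16
    key_len = 5 if export else rc4_key_len
    # Client and bank each run the same derivation over the same inputs.
    client_master = derive_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    bank_master = derive_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    keys = derive_key_block(bank_master, CLIENT_RANDOM, SERVER_RANDOM, mac_len, key_len, iv_len)
    if export:
        client_write = expand_export_key(keys["client_write_key"], b"client write key",
                                         CLIENT_RANDOM, SERVER_RANDOM, rc4_key_len)
        bank_write = expand_export_key(keys["server_write_key"], b"server write key",
                                       CLIENT_RANDOM, SERVER_RANDOM, rc4_key_len)
    else:
        client_write, bank_write = keys["client_write_key"], keys["server_write_key"]
    return {
        "masters_agree": client_master == bank_master,
        "master_secret": bank_master,
        "secret_bits_per_direction": 8 * key_len,  # what an attacker must guess
        "client_write_key": client_write,          # what RC4 is actually keyed with
        "bank_write_key": bank_write,
    }


def attacker_recovers_client_key(guessed_secret):
    """An eavesdropper who guesses the 5-byte client_write_key (at most 2^40 tries)
    and saw both randoms on the wire rebuilds the full 16-byte RC4 key."""
    return expand_export_key(guessed_secret, b"client write key",
                             CLIENT_RANDOM, SERVER_RANDOM, 16)


if __name__ == "__main__":
    for export in (True, False):
        r = run_handshake(export)
        print("export" if export else "domestic", r["secret_bits_per_direction"],
              "bits of secret per direction, RC4 key", r["client_write_key"].hex())
```

The two points worth checking against the narrative: the master secret is identical whichever side computes it and depends only on the pre-master secret plus the two public randoms, so compromising the 512-bit RSA key only matters if the encrypted pre-master secret was captured; and in the export case the 16-byte RC4 key is a deterministic function of a 5-byte secret and public data, so the 2^40 search that the hackers in Act II run is against the 5-byte value, not the 16-byte key.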
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 08, 1999 7:12 AM
> To: [EMAIL PROTECTED]
> Subject: SSL use RSA keys? Follow up question...
>
>
> To all,
> First, to all that contributed responses so far, thank you
> very much for
> being patient and providing a wealth of information to my sort of
> clueless mind.
>
> I've read everyone's responses in detail. Spent hours
> mulling over the
> original article in the NY Times
> (http://www.nytimes.com/library/tech/99/09/biztech/articles/06code.html)
> that started all this hoopla.
>
> What's scary, is that I think I'm getting a clue here. But
> I'd like to
> submit my thoughts and a few questions to you'all for review/comment
> before I even think I might have a clue. Here we go:
>
> Background: Web server using SSL 128-bit Strong U.S. encryption
> w/compatible browser.
>
> My understanding of the process:
[snip]
> QUESTION: Is what I've said above correct? (in CEO's terminology)
>
> Please keep in mind that I'm from the "old" crypto days (70's & 80's)
> before PC's. I'm trying, be gentle.
>
> Thanks a bunch,
> Michael Sorbera
> Webmaster
> Randolph-Brooks Federal Credit Union
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>