On Fri, May 26, 2006 at 07:23:05AM +0530, Sreeram Kandallu wrote:

> Hi All
> 
> Is it possible to decrypt a recorded SSL session, if the attacker gains
> access to the RSA private keys at a later point in time? If yes, what
> would be the best way to avoid this?

    $ ciphers='kEDH:!aNULL:!LOW:!EXPORT:@STRENGTH'
    $ openssl ciphers -v "$ciphers"
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
    EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
    EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
    DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1

For all these ciphers the attacker has to brute force the symmetric key,
or brute force the DH exchange. Recovery of the RSA or DSS key does not
yield the session key. As DSS certificates are rare, in practice you get
one of:

    $ ciphers='kEDH+aRSA:!aNULL:!LOW:!EXPORT:@STRENGTH'
    $ openssl ciphers -v "$ciphers"
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1

These ciphers require SSLv3 or TLSv1.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
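As an added illustration (not part of Viktor's reply and not OpenSSL code), the following Python model shows the structural point the message makes: with RSA key transport (kRSA) a recorded handshake plus the server's RSA private key, obtained at any later time, yields the premaster secret and hence the session key; with ephemeral DH signed by RSA (kEDH+aRSA) the private key only authenticates the ephemeral share, and the session secret g^xy is not derivable from the recording. It uses textbook RSA and DH with deliberately tiny, insecure parameters, a toy unpadded signature, and invented function names; the `openssl ciphers -v` sample lines are the ones shown above plus one constructed kRSA line (`AES256-SHA`). The last function is a small check a practitioner can run over real `openssl ciphers -v` output to flag any suite whose Kx is not ephemeral.

```python
"""Why kEDH resists later RSA-key compromise: a toy model (constructed example,
not OpenSSL code). Textbook RSA and DH with tiny, insecure parameters are used
only to show the difference between kRSA and kEDH+aRSA key exchange."""
import hashlib
import secrets

# Toy long-term server RSA key (assumption: ~40-bit modulus, demo only).
P_RSA, Q_RSA, E_RSA = 1000003, 999983, 65537
N_RSA = P_RSA * Q_RSA
D_RSA = pow(E_RSA, -1, (P_RSA - 1) * (Q_RSA - 1))  # needs Python >= 3.8

# Toy DH group (assumption: 2**127 - 1 is prime; far too small for real use).
P_DH = (1 << 127) - 1
G_DH = 5


def derive_key(secret: int) -> bytes:
    """Stand-in for the TLS PRF: session key = SHA-256(premaster/shared secret)."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def rsa_sign(msg: bytes) -> int:
    """Toy unpadded RSA signature over SHA-256(msg) mod N (demo only)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N_RSA
    return pow(h, D_RSA, N_RSA)


def rsa_verify(msg: bytes, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N_RSA
    return pow(sig, E_RSA, N_RSA) == h


def handshake_krsa():
    """kRSA: client encrypts the premaster to the server's RSA public key.
    Returns (what a passive recorder sees, the session key both sides derive)."""
    pms = secrets.randbelow(N_RSA - 2) + 2
    recorded = {"kx": "RSA", "enc_premaster": pow(pms, E_RSA, N_RSA)}
    return recorded, derive_key(pms)


def handshake_kedh():
    """kEDH+aRSA: server signs an ephemeral g^x, client replies with g^y, both
    derive g^xy. The exponents x and y are discarded and never sent."""
    x = secrets.randbelow(P_DH - 2) + 1
    y = secrets.randbelow(P_DH - 2) + 1
    gx, gy = pow(G_DH, x, P_DH), pow(G_DH, y, P_DH)
    recorded = {"kx": "DH", "g_x": gx, "g_y": gy,
                "sig": rsa_sign(gx.to_bytes(16, "big"))}
    session_key = derive_key(pow(gy, x, P_DH))
    assert session_key == derive_key(pow(gx, y, P_DH))  # both sides agree
    del x, y  # ephemeral exponents are gone once the handshake ends
    return recorded, session_key


def later_compromise(recorded: dict, stolen_d: int):
    """Attacker holding the recording and the server's RSA private exponent
    (obtained later). Returns the recovered session key, or None."""
    if recorded["kx"] == "RSA":
        pms = pow(recorded["enc_premaster"], stolen_d, N_RSA)
        return derive_key(pms)
    # kx=DH: the stolen key only lets the attacker verify (or forge) the
    # signature on g^x; g^xy from g^x and g^y alone is the DH problem.
    assert rsa_verify(recorded["g_x"].to_bytes(16, "big"), recorded["sig"])
    return None


# Sample `openssl ciphers -v` output: the kEDH+aRSA lines from the message
# plus one constructed kRSA line (AES256-SHA) to show what gets flagged.
SAMPLE_CIPHERS_V = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
"""


def non_ephemeral_suites(cipher_v_output: str) -> list:
    """Return suite names whose key exchange is not ephemeral. OpenSSL prints
    plain Kx=DH / Kx=ECDH for ephemeral exchange; static variants appear as
    Kx=DH/RSA, Kx=ECDH/RSA etc., and Kx=RSA is key transport."""
    flagged = []
    for line in cipher_v_output.strip().splitlines():
        fields = line.split()
        kx = next(f for f in fields if f.startswith("Kx="))[3:]
        if kx not in ("DH", "ECDH"):
            flagged.append(fields[0])
    return flagged


if __name__ == "__main__":
    rec, key = handshake_krsa()
    print("kRSA recovered:", later_compromise(rec, D_RSA) == key)   # True
    rec, key = handshake_kedh()
    print("kEDH recovered:", later_compromise(rec, D_RSA))          # None
    print("non-ephemeral:", non_ephemeral_suites(SAMPLE_CIPHERS_V))  # ['AES256-SHA']
```

Running the script prints that the kRSA session key is recovered from the recording once `D_RSA` is known, that the kEDH recording yields nothing, and that the only suite flagged in the sample is the constructed `AES256-SHA` line. The check in `non_ephemeral_suites` is the practical test behind the cipher strings above: pipe real `openssl ciphers -v "$ciphers"` output into it and confirm the list comes back empty.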