@DS Nicely put. So, if I was to try to decrypt/encrypt one of these messages, I would need the key and the iv and something else? Because if just the key and iv are sufficient to encrypt/decrypt the data, then how are the different encrypted messages generated for the same cleartext?
On Tue, Jun 17, 2008 at 12:04 AM, David Schwartz <[EMAIL PROTECTED]> wrote: > > > While observing some packet dump, I noticed that while sending > > the same application data over twice, different packet dumps > > were obtained in both cases. > > Good. > > > This was done in the same SSL session, so the connection keys > > being used are all the same. Is this expected behavior or am I > > reading the packet dumps wrong? > > This is expected behavior. Imagine if the first message was "attack at > dawn" > and the second message was "attack at noon". Would you be happy if a > man-in-the-middle could change the second message to "attack at dawn" (by > replacing the end of the second exchange with a copy of the end of the > first)? I know I wouldn't be. > > DS > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >