Sorry, I left some words. Let me reiterate the question
Cryptographic keys used by SSL sessions are mainly derived from a single
Pre Master Secret which is transmitted after being encrypted by the
server's public key. The other values used to derive the cryptographic
keys such as the Server Random Number and the Client Random NUmber are
transmitted in PLainText during the Hello messages.
Am I right say that:
Besides weak ciphers, the 48 bit Pre Master Secret is the next alternative
for a brute force attack to be carried out on a SSL session, since all the
session keys and MAC keys are derived (mainly) from this 48 bit value.
Please correct me if there is a fact that discourages this brute force
attack to break security of a SSL session.
jOe
On Fri, 10 Apr 1998, jOe wrote:
>
> Since all cryptographic keys used by ssl are derived from a 48 bit Pre
> Master Secret.
> Would this Pre Master Secret be a starting point to carry
> out a brute force attack on SSL? Or is there any reasons that this is not
> so?
>
> jOe
>
> +-------------------------------------------------------------------------+
> | Administrative requests should be sent to [EMAIL PROTECTED] |
> | List service provided by Open Software Associates, http://www.osa.com/ |
> +-------------------------------------------------------------------------+
>
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
