The pre-master-secret is 48 BYTES, not bits! (with 2 known bytes: proto version)

peace

jOe wrote:

> Sorry, I left out some words. Let me reiterate the question.
>
> Cryptographic keys used by SSL sessions are mainly derived from a single
> Pre Master Secret which is transmitted after being encrypted by the
> server's public key. The other values used to derive the cryptographic
> keys such as the Server Random Number and the Client Random Number are
> transmitted in plaintext during the Hello messages.
>
> Am I right to say that:
> Besides weak ciphers, the 48 bit Pre Master Secret is the next alternative
> for a brute force attack to be carried out on an SSL session, since all the
> session keys and MAC keys are derived (mainly) from this 48 bit value.
>
> Please correct me if there is a fact that discourages this brute force
> attack to break security of an SSL session.
>
> jOe
>
> On Fri, 10 Apr 1998, jOe wrote:
>
> >
> > Since all cryptographic keys used by ssl are derived from a 48 bit Pre
> > Master Secret.
> > Would this Pre Master Secret be a starting point to carry
> > out a brute force attack on SSL? Or are there any reasons that this is not
> > so?
> >
> > jOe
> >
> > +-------------------------------------------------------------------------+
> > | Administrative requests should be sent to [EMAIL PROTECTED] |
> > | List service provided by Open Software Associates, http://www.osa.com/  |
> > +-------------------------------------------------------------------------+
> >

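Added illustration of the derivation discussed in this thread (not part of the original messages and not code from any SSL implementation): the master secret computation, assuming SSL 3.0 since the thread only says "SSL". The function names and the 40-bit and 128-bit cipher key sizes used for comparison are assumptions chosen for the example.

```python
import hashlib
import os

def make_pre_master(version=(3, 0)):
    """48 bytes: 2 known protocol-version bytes + 46 random bytes."""
    return bytes(version) + os.urandom(46)

def ssl3_master_secret(pre_master, client_random, server_random):
    """SSL 3.0 derivation: three MD5(pms + SHA1(label + pms + randoms)) blocks."""
    if len(pre_master) != 48:
        raise ValueError("pre-master secret must be 48 bytes")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms must be 32 bytes each")
    blocks = []
    for label in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(label + pre_master + client_random + server_random).digest()
        blocks.append(hashlib.md5(pre_master + inner).digest())
    return b"".join(blocks)  # 3 x 16 = 48-byte master secret

def unknown_bits(pre_master_len=48, known_bytes=2):
    """Bits an eavesdropper must guess: the randoms are public, the version is known."""
    return (pre_master_len - known_bytes) * 8

def cheapest_target(cipher_key_bits):
    """Return which value has the smaller search space for a given cipher key size."""
    return "cipher key" if cipher_key_bits < unknown_bits() else "pre-master secret"

if __name__ == "__main__":
    # Constructed sample values; a real handshake takes the randoms from the Hello messages.
    client_random, server_random = os.urandom(32), os.urandom(32)
    pms = make_pre_master()
    ms = ssl3_master_secret(pms, client_random, server_random)
    print("master secret:", ms.hex())
    print("unknown pre-master bits:", unknown_bits())
    for bits in (40, 128):  # assumed example cipher key sizes
        print(f"{bits}-bit cipher: cheapest brute-force target is the {cheapest_target(bits)}")
```

With 46 unknown bytes the pre-master secret has a 368-bit search space, so for any cipher key shorter than that the cipher key remains the smaller target.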