Crypto attack against SSL outlined

Crypto attack against SSL outlined
John Leyden, The Register 2003-02-21

Swiss security researchers have discovered an attack against implementations of the ubiquitous SSL protocol that could potentially compromise email passwords, though not ecommerce transactions.

Colapse all | Post comment

Perfect Forward Secrecy... 2003-02-24
Anonymous

This is the main weakness in SSL. It almost never uses ephemeral keys, and even then it still uses the same ephemeral keys for as long as the daemon is running. The result is that known text attacks are feasable.

The solution is to use IKE/IPSec or SSH. These both use PFS which changes the DH ke...

[ more ] [ reply ]

Crypto attack against SSL outlined 2003-02-25
Anonymous

As this is a man-in-the middle attack timed-based on the server error messages, the attacker must also reside "closed" to the server which decrease the feasability on a real situation.

...

[ more ] [ reply ]