 

A strange behavior of SSL in using the symmetric encryption key?

Tags: ssl, encryption

I've used Wireshark to watch some SSL 3.0 traffic and decrypt the messages transferred between client and server.

And what I've just found is very strange:

AFAIK, the encryption key, MAC and encryption algorithm used in calculating the client Finished message and the application data sent by the client are exactly the same.

But when I use the same client-write-key used to encrypt the client Finished message (derived from the MasterSecret) to encrypt application data, I get a different result from what the client (Firefox) calculated.

The odd behavior also happens with the server: I can use the server-write-key (derived from the MasterSecret) to successfully decrypt the "server-finished" message, but fail to decrypt any other encrypted message from the server.

So, can you please tell me what happened to the client-write-key and server-write-key? Did both client and server change their write keys after the "finished" message was sent?

PS: I forced the client (Firefox) to use SSL V3.0, cipherSuite = TLS_RSA_WITH_RC4_128_MD5

vantrung -cuncon asked Dec 07 '13 09:12



1 Answer

I found out the answer myself: the RC4 function I used didn't save the cipher state, while the SSL stream cipher requires that. I used an RC4 class and the problem was resolved!

vantrung -cuncon answered Oct 08 '22 02:10
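The fix described in the answer, as an added example that is not part of the original post: a minimal RC4 class that carries its state from one record to the next, beside a stateless helper that re-keys for every record. The key and the record contents are constructed sample values, and `rc4_stateless` and `demo` are hypothetical names.

```python
class RC4:
    """RC4 that keeps S, i, j between calls, as one SSL connection direction does."""

    def __init__(self, key: bytes):
        # Key-scheduling algorithm (KSA): run once per write key.
        self.S = list(range(256))
        j = 0
        for i in range(256):
            j = (j + self.S[i] + key[i % len(key)]) & 0xFF
            self.S[i], self.S[j] = self.S[j], self.S[i]
        self.i = self.j = 0

    def crypt(self, data: bytes) -> bytes:
        # PRGA: continues from wherever the previous record stopped.
        S, i, j = self.S, self.i, self.j
        out = bytearray()
        for b in data:
            i = (i + 1) & 0xFF
            j = (j + S[i]) & 0xFF
            S[i], S[j] = S[j], S[i]
            out.append(b ^ S[(S[i] + S[j]) & 0xFF])
        self.i, self.j = i, j
        return bytes(out)


def rc4_stateless(key: bytes, data: bytes) -> bytes:
    """The mistake: re-keying for every record restarts the keystream at byte 0."""
    return RC4(key).crypt(data)


def demo():
    key = bytes(range(16))               # constructed 128-bit client-write-key
    finished = b"F" * 56                 # constructed stand-in: Finished body + MAC
    app_data = b"GET / HTTP/1.0\r\n\r\n" + b"M" * 16  # constructed data + MAC

    sender = RC4(key)                    # the peer's cipher, one per direction
    rec1, rec2 = sender.crypt(finished), sender.crypt(app_data)

    receiver = RC4(key)                  # stateful: one object for all records
    stateful = (receiver.crypt(rec1), receiver.crypt(rec2))
    stateless = (rc4_stateless(key, rec1), rc4_stateless(key, rec2))
    return finished, app_data, stateful, stateless


if __name__ == "__main__":
    finished, app_data, stateful, stateless = demo()
    print("stateful :", stateful[0] == finished, stateful[1] == app_data)
    print("stateless:", stateless[0] == finished, stateless[1] == app_data)
```

The first record decrypts either way because both keystreams start at byte 0, which matches the observation in the question that only the Finished message could be decrypted.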