LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Default "secrets"

Default "secrets"

Posted Jan 6, 2011 12:38 UTC (Thu) by erwbgy (subscriber, #4104)
In reply to: Default "secrets" by Fowl
Parent article: Default "secrets"

Perhaps I misunderstand SSL, but I thought that the certificate was only useful to ensure the identity, not to encrypt the session. I mean each session has randomised session keys not based on the private key.

The public and private keys are used when exchanging the session key, so if you have access to the private key then you will be able to find out the session key and decrypt the traffic.

The Wikipedia TLS page explains this well:

In order to generate the session keys used for the secure connection, the client encrypts a random number with the server's public key and sends the result to the server. Only the server should be able to decrypt it, with its private key.

(Log in to post comments)

Wrong, see Diffie-Hellman

Posted Jan 8, 2011 20:46 UTC (Sat) by kleptog (subscriber, #1183) [Link]

Well, the GP poster is correct, if Diffie-Hellman is enabled in SSL then you have perfect forward secrecy. In other words, even if someone has the private key and sniffs all the traffic, they *still* can't decrypt it.

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_e...

It's a neat trick whereby the server and client can agree on a key over an insecure channel.

So this list is useful for MITM attacks but not always useful for eavesdropping. Now, if they have checked all these routers and confirmed that in fact DH is disabled by default, then we have a different problem indeed.

(Incidently, I just tried my own router and Firefox doesn't say whether DH is enabled or not. Maybe that means no.)

For the fun of it, try surfing the web and rejecting any SSL connections that don't use DH. You'd be surprised the number of sites that either (a) are incompetent or (b) want anyone who has the private to be able to sniff your traffic. There are a lot of sites which will accept DH if you ask for it but will default to no.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds