SSL decoding

Closed Thread
Page 2 of 2 FirstFirst 1 2
  1. #11

    Join Date
    Mar 2011
    Posts
    12

    Would it be easier using SSL man in the middle?


  2. #12

    Join Date
    May 2011
    Posts
    11

    I am afraid that there is no simple answer like yes or no.
    I will say that in normal condition you are not able to break SSL decrypting and is even harder when other form of encryption are used. sniffers like wireshark will only capture raw data that has to be decrypted to be able see what content have, capturing keys are also no way to go as this will trigger many alerts.

    iif SSL will be so easy to break then banks and other will not be using this at all.
    I think will be much easier (time and money efficient) to take control over the host rather then break the SSL encryption.


  3. #13

    Join Date
    Dec 2002
    Location
    θ–„ζ‰Άζž—
    Posts
    47,963

    Good one on ./

    "Remote timing attacks have been a problem for cryptosystems for more than 20 years. A new paper shows that such attacks are still practical ... The researchers, Billy Bob Brumley and Nicola Tuveri of Aalto University School of Science, focused their efforts on OpenSSL's implementation of the elliptic curve digital signature algorithm, and they were able to develop an attack that allowed them to steal the private key of an OpenSSL server."