WebApp Sec mailing list archives
Re: Using SSL private key for cookie's HMAC
From: Peter Conrad <conrad () tivano de>
Date: Mon, 6 Sep 2004 10:41:44 +0200
Hi, On Mon, Sep 06, 2004 at 12:45:10AM +0000, Jason Coombs PivX Solutions wrote:
The simplest, most direct path to discovering an SSL server's private/public key pair is to precompute every possible key pair and then do a lookup when the server gives you its public key. Every other attack on SSL cryptography that seeks to discover the server's private key *should* be more difficult to accomplish, since it would involve factoring or finding a needle (a discernable pattern that should not exist) in a ciphertext haystack.
erm... factoring is better than brute force, isn't it? Bye, Peter -- Peter Conrad Tel: +49 6102 / 80 99 072 [ t]ivano Software GmbH Fax: +49 6102 / 80 99 071 Bahnhofstr. 18 http://www.tivano.de/ 63263 Neu-Isenburg Germany
Current thread:
- Using SSL private key for cookie's HMAC Simon Zuckerbraun (Aug 27)
- Re: Using SSL private key for cookie's HMAC Andrew Steingruebl (Sep 05)
- Re: Using SSL private key for cookie's HMAC Jeff Williams (Sep 05)
- Re: Using SSL private key for cookie's HMAC Adam Shostack (Sep 05)
- <Possible follow-ups>
- Re: Using SSL private key for cookie's HMAC Jason Coombs PivX Solutions (Sep 05)
- Re: Using SSL private key for cookie's HMAC Peter Conrad (Sep 06)
- Re: Using SSL private key for cookie's HMAC Jason Coombs PivX Solutions (Sep 07)
- Re: Using SSL private key for cookie's HMAC Peter Conrad (Sep 07)
- Webserver problems John Fisher (Sep 09)
- RE: Webserver problems Dinis Cruz (Sep 10)
- Re: Webserver problems Mike Kalinovich (Sep 11)
- Re: Using SSL private key for cookie's HMAC Peter Conrad (Sep 06)