|
Posted by on March 27, 2006, 11:41 pm
If you were Registered and logged in, you could reply and use other advanced thread options
A have a limited understanding of SSL and TSL... and internet structure
in general for that matter, so this may sound like a stupid question.
When you ping a ip, it connects to several other ips before it reaches
it's destination. So, isn't it possible for those "middle-man"
computers to record the private and public keys as they pass from my
computer to the "secure" web site. And because the encryption methods
are well known, decrypt the information and gain access to the credit
card numbers/other secure information contained?
sorry if the question is dumb, just hoped someone could clear it up for
me.
|
|
Posted by Volker Birk on March 28, 2006, 3:11 am
If you were Registered and logged in, you could reply and use other advanced thread options
tomodachigai@gmail.com wrote:
[SSL and TLS]
> When you ping a ip, it connects to several other ips before it reaches
> it's destination. So, isn't it possible for those "middle-man"
> computers to record the private and public keys as they pass from my
> computer to the "secure" web site.
It is not possible, because private keys never are being sent, and
public keys are public anyways ;-)
> sorry if the question is dumb, just hoped someone could clear it up for
> me.
What you seem to miss is the understanding of the idea of asymmetric
cryptography.
It works like this:
You have a key pair K1, K2. What you're encrypting with K1 cannot be
decrypted with K1 any more. It only can decrypted with K2. And vice versa,
what is encrypted with K2, can only decrypted with K1.
So both partners have such a keypair, say Alice has K1, K2 and Bob has
L1, L2.
Now Alice keeps K1 strictly secret - it's her "private key". And Bob does
so with L1 - it's his "private" key. The other keys they make public.
Now Alice sends K2 to Bob. And Bob sends L2 to Alice. It does not matter
if somebody listens.
When Alice now is wanting to send a message C to Bob, she encrypts the
message with her own secret K1. So when Bob is decrypting, he knows, that
this message came from Alice for sure, because this message can be decrypted
with K2, Alice's public key. And additionally, Alice encrypts the message
with the public key of Bob, L2. So this message can only decrypted by Bob
himself - because he is the only one, who has the matching private key L1.
So Alice encrypts the message C like this:
X = L2(K1(C)).
Only Bob can decrypt it, because only he has L1 to decrypt:
X' = L1(L2(K1(C))) = K1(C).
And Bob immediately can check, if this really is from Alice. Only, if Alice's
public key matches, then this will be a sensible message:
X'' = K2(K1(C)) = C.
This is the concept of assymetric cryptography. SSL further uses the concept
of cryptographic hashes to secure, that C really is a correct message. And,
when key exchange using such concepts is done, then the only data which is
sent usually is a key for a simple symmetric block cypher, which is used
afterwards instead of such asymmetric cryptography. The reason is speed -
this computes much faster.
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
|
| Similar Threads | Posted | | How secure is ADS NAS kit? | August 3, 2005, 3:44 am |
| Have I done enough to secure my PC? | January 17, 2006, 3:30 am |
| RSA Secure ID Username | January 24, 2005, 3:53 am |
| GoToMyPC secure? | March 27, 2005, 3:52 pm |
| Secure Software | May 6, 2005, 8:42 pm |
| Secure Banking | June 20, 2005, 3:02 pm |
| Secure chat | September 13, 2005, 6:16 pm |
| Secure Move | November 13, 2005, 7:54 pm |
| Backup secure enough? | September 8, 2006, 10:10 am |
| Secure email | October 13, 2006, 11:37 pm |
|
XML site map