Wireshark-dev: Re: [Wireshark-dev] help regarding decrypting of ssl

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Tue, 05 Aug 2008 09:39:07 -0400


prashanth joshi wrote:
Hi all,
I am currently working on writing a decoder for ssl for an internal server of our organization. Because it is internal server we have access to the private and the public keys of the certificate of the server. I am interested in knowing whether it is not at all possible to decrypt the ssl without using the brute force method. My requirement is that the sniffer should act passively in the network between the client and the server. And it should be able to decrypt the data without any kind of man in the middle kind of attacks. Is this possible? I see that the random numbers are exchanged between the client and the server initially during the handshake only for preventing the replay attacks. there after the master secret key is generated by the client by randomly generating a fresh random number. And then this master secret key is encrypted. Hence is there no hope to decrypt the ssl ? We own the certificates and hence can know the the private and public keys of the certificates. Is this information not enough in calculating the secret shared key? Actually a company called "Unleash Networks" have come with a product that they claim as capable of decrypting ssl. How they might have done it? By brute force method? Or is it possible to decrypt ssl?

See:

http://wiki.wireshark.org/SSL

for starters.