Wireshark-users: Re: [Wireshark-users] SSL Decryption

From: Derek Shinaberry <postmaster@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 10 Aug 2007 16:24:49 +0100
I've got it now. I knew I had to be missing something fundamental, because if I wasn't, the whole foundation of SSL would be in jeopardy.

The pages I read talked about the client key exchange message sending the premaster secret from the client to the server, but neglected to mention that the client encrypts it using the server's public key. And once it's encrypted, the only way to get it back is using the server's private key. My brain fart was that I stupidly thought the premaster secret was sent in the clear. In hindsight, I suppose it would be rather dumb to call it a secret if it were sent in the clear.

Since you have to know the premaster secret to compute the master secret, you'd either have to know the server's private key or somehow obtain the premaster secret from the client before it encrypted it.

Well, thank god I've confirmed for us all that SSL is really secure after all. I'm sure you were all very worried about it. ;-)

On Aug 10, 2007, at 4:03 PM, Jeff Morriss wrote:

Derek Shinaberry wrote:
Can someone help me understand why you must have the server's private
key in order to be able to decrypt the session between the client and
the server?  It seems to me that if the server and client can conduct
the session without the client ever knowing the server's private key,
then a capture of the session on the client's side ought to be able
to decrypt the session using just what is in the SSL handshake
exchange.  What don't I understand about the process that precludes
this behavior?

You might want to read:

http://en.wikipedia.org/wiki/Public_key_cryptography
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users