SSL: can the secret key be sniffed before the actual encryption begins?

Posted by Jorre on Stack Overflow
Published on 2011-11-27T17:44:10Z Indexed on 2011/11/27 17:51 UTC

I was looking into SSL and some of the steps that are involved to set up an encrypted connection between a server and a client computer.

I understand that a server key and certificate are sent to the browser, and that a secret code is being calculated, like they say in the following video:

http://www.youtube.com/watch?v=iQsKdtjwtYI

Around 5:22, they talk about a master secret code that is being calculated to start talking in an encrypted way.

My question now is: before the connection is actually encrypted (the handshake phase), all communication between the server and the client can be sniffed by a packet sniffer. Isn't it then possible to sniff the encryption key or other data that is used to set up a secure connection?
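
An added example, not part of the original question and not code from any SSL library: a toy model of the RSA key-transport handshake the question describes, recording every message a passive sniffer could capture. The tiny unpadded RSA key, the HMAC-based stand-in for the key derivation and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy RSA key built from two known Mersenne primes (constructed for this
# example; far too small and unpadded for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                # public key, sent inside the certificate
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the server


def derive_master(premaster: int, client_random: bytes, server_random: bytes) -> bytes:
    """Simplified stand-in for the TLS PRF: HMAC-SHA256 keyed with the premaster."""
    key = premaster.to_bytes(32, "big")
    msg = b"master secret" + client_random + server_random
    return hmac.new(key, msg, hashlib.sha256).digest()


def handshake():
    """Run the exchange; return (wire, premaster, client_master, server_master)."""
    wire = []  # every cleartext handshake message a passive sniffer can record

    client_random = secrets.token_bytes(32)
    wire.append(("ClientHello", client_random))
    server_random = secrets.token_bytes(32)
    wire.append(("ServerHello", server_random))
    wire.append(("Certificate", (N, E)))  # public half of the key only

    # The client chooses the premaster secret and sends it encrypted under
    # the server's public key, so it never crosses the network in the clear.
    premaster = secrets.randbelow(N - 2) + 2
    encrypted = pow(premaster, E, N)
    wire.append(("ClientKeyExchange", encrypted))

    # Only the holder of D can recover the premaster from the captured value.
    recovered = pow(encrypted, D, N)

    client_master = derive_master(premaster, client_random, server_random)
    server_master = derive_master(recovered, client_random, server_random)
    return wire, premaster, client_master, server_master


if __name__ == "__main__":
    wire, _, client_master, server_master = handshake()
    for name, value in wire:
        print("sniffed:", name, value)
    print("keys match:", client_master == server_master)
```

Both random values and the public key are visible to the sniffer, but the master secret depends on the premaster, which appears on the wire only in encrypted form.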
