SSL: can the secret key be sniffed before the actual encryption begins?
Posted by Jorre on Stack Overflow
Published on 2011-11-27T17:44:10Z
I was looking into SSL and some of the steps that are involved to set up an encrypted connection between a server and a client computer.
I understand that a server key and certificate are sent to the browser, and that a secret code is being calculated, like they say in the following video:
http://www.youtube.com/watch?v=iQsKdtjwtYI
Around 5:22, they talk about a master secret code that is being calculated to start talking in an encrypted way.
My question now is: before the connection is actually encrypted (the handshake phase), all communication between the server and the client can be sniffed by a packet sniffer. Isn't it then possible to sniff the encryption key or other data that is used to set up a secure connection?
© Stack Overflow or respective owner
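The handshake the question describes, as an added example that is not part of the original post: a toy RSA key exchange that records every value a packet sniffer could capture and checks whether the secret is among them. The key size, the 24-byte pre-master secret, the HMAC-based derivation and all function names are assumptions chosen to keep the sketch short; real SSL/TLS uses padded RSA (or Diffie-Hellman) and its own key-derivation function.

```python
import hashlib, hmac, secrets

# Toy textbook-RSA server key (constructed: two known Mersenne primes, no padding).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half, sent inside the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the server

def derive_master(pre_master, client_random, server_random):
    # Simplified stand-in for the real SSL/TLS key-derivation function.
    seed = b"master secret" + client_random + server_random
    return hmac.new(pre_master, seed, hashlib.sha256).digest()

def handshake():
    wire = {}  # every value that crosses the network unencrypted
    wire["client_random"] = client_random = secrets.token_bytes(32)
    wire["server_random"] = server_random = secrets.token_bytes(32)
    wire["server_public_key"] = (N, E)

    # Client: pick the pre-master secret and encrypt it to the server's public key.
    pre_master = secrets.token_bytes(24)   # 24 bytes so it fits the toy modulus
    wire["encrypted_pre_master"] = pow(int.from_bytes(pre_master, "big"), E, N)

    # Server: only the holder of D can undo the encryption.
    recovered = pow(wire["encrypted_pre_master"], D, N).to_bytes(24, "big")

    client_master = derive_master(pre_master, client_random, server_random)
    server_master = derive_master(recovered, client_random, server_random)
    return wire, pre_master, client_master, server_master

def sniffer_sees_secret(wire, pre_master):
    # True if the pre-master secret appears in the clear in any captured value.
    in_bytes = any(isinstance(v, bytes) and pre_master in v for v in wire.values())
    return in_bytes or wire["encrypted_pre_master"] == int.from_bytes(pre_master, "big")

if __name__ == "__main__":
    wire, pre_master, c, s = handshake()
    print("captured fields:", sorted(wire))
    print("both ends agree on master secret:", c == s)
    print("secret visible to sniffer:", sniffer_sees_secret(wire, pre_master))
```

This models a passive sniffer only; the certificate check on the server's public key is what addresses an attacker who substitutes their own key in transit.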