
OK so I'm struggling to understand TLS/SSL authentication


Thread replies: 13
Thread images: 1

OK so I'm struggling to understand TLS/SSL authentication on a wifi network with no login. Are different private keys generated for each device on the network, and if so how do they bind the keys to that device? Is it by IP address or MAC address?
>>
> Are different private keys generated for each device on the network
It's even finer-grained than that, each application running on each device has a new random key for the duration of the session.
>>
>>59988718
Any ideas then on how you would decrypt the traffic with WS running in monitor mode?
>>
>>59988867

You don't, that's the point.
The magic of TLS/SSL and asymmetric crypto in general is that it can guarantee (in theory) secure communication over an insecure channel.
As long as the client or server themselves aren't compromised, you're safe. No man in the middle can figure out what is being said by snooping.
>>
>>59989021
you can force traffic to be unencrypted using sslstrip
>>
>>59989021
You can set your browser to dump SSL encryption keys, which can be used to decrypt SSL network dumps in Wireshark.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
>>
>>59989076

Or this, yeah.

>>59989043

How does this work, does it intercept and rewrite links during HTTP communication so that it never enters HTTPS?
>>
>>59989076
But will that decrypt all the data captured by WS in monitor mode, or only the devices/applications which use those particular encryption keys?
>>
>>59989043
I don't think the client will let you downgrade with HSTS enabled.
>>
>>59989211
sslstrip2

everything else depends if the user is autistic enough
>>
>>59989156
Obviously only those that are explicitly set up this way and use the NSS library, as the possibility to decrypt connections is something you normally want to avoid.
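
An added example (not part of the original posts) of why a key log only covers some of a capture: each line in the NSS Key Log Format is keyed by the 32-byte ClientHello random of one handshake, so only sessions whose random appears in the log have secrets available. The function names, the sample log and the three client randoms are constructed for illustration.

```python
import re

# Labels from the NSS Key Log Format whose first field is the ClientHello random.
# TLS 1.2 and earlier log CLIENT_RANDOM; TLS 1.3 logs one line per traffic secret.
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"^(?:[0-9a-fA-F]{2})+$")

def parse_keylog(text):
    """Return {client_random_hex: {label: secret_hex}}, skipping malformed lines."""
    sessions = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in LABELS:
            continue
        label, rand, secret = parts
        if len(rand) != 64 or not HEX.match(rand) or not HEX.match(secret):
            continue
        sessions.setdefault(rand.lower(), {})[label] = secret.lower()
    return sessions

def split_by_coverage(sessions, captured_client_randoms):
    """Partition handshakes seen in a capture by whether the log holds their secrets."""
    covered = [r for r in captured_client_randoms if r.lower() in sessions]
    opaque = [r for r in captured_client_randoms if r.lower() not in sessions]
    return covered, opaque

# Constructed sample: R1 is a TLS 1.2 session, R2 a TLS 1.3 session, and R3 is a
# handshake from some other device or application that never logged its keys.
R1, R2, R3 = "11" * 32, "22" * 32, "33" * 32
SAMPLE_LOG = f"""# constructed sample key log
CLIENT_RANDOM {R1} {'aa' * 48}
CLIENT_HANDSHAKE_TRAFFIC_SECRET {R2} {'bb' * 32}
SERVER_HANDSHAKE_TRAFFIC_SECRET {R2} {'cc' * 32}
CLIENT_TRAFFIC_SECRET_0 {R2} {'dd' * 32}
SERVER_TRAFFIC_SECRET_0 {R2} {'ee' * 32}
truncated line
"""

if __name__ == "__main__":
    covered, opaque = split_by_coverage(parse_keylog(SAMPLE_LOG), [R1, R2, R3])
    print("secrets logged:", len(covered), "no secrets (stays encrypted):", len(opaque))
```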
>>
>>59989222
Do you have a good article explaining how HSTS is defeated in this case?
>>
>>59989302
no
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.