Search Mailing List Archives
[liberationtech] Feds put heat on Web firms for master encryption keys
owen at owenbarton.com
Thu Jul 25 04:41:43 PDT 2013
On Thu, Jul 25, 2013 at 3:41 AM, Ben Laurie <ben at links.org> wrote:
> On 25 July 2013 11:22, Nick <liberationtech at njw.me.uk> wrote:
> > On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
> >> (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
> > Would Convergence help here? I can't see how. If a government
> > secretly aquired the SSL private keys for a site, and the site
> > continued using them, then no convergence notary would know any
> > cause not to vouch for the key.
> What helps here is perfect forward secrecy.
Could you describe how PFS helps here - the article didnt mesh with my
My understanding was that PFS was primarily a defense against
(non-real-time) cryptographic attacks on stored traffic - if PFS is not
used the attacker could decrypt much more traffic with the same compute
power, since the same session key is used for much more data, wheras with
PFS the session is tiny, meaning that the attacker only gets a tiny bit of
data for the same level of juice.
As far as I can see with SSL private keys:
- If an attacker has both the SSL private key for a host, and a MITM
position, then it would seem that as far as the client is concerned
(without doing additional sniffing) they are talking to the host directly,
and their connection is fully compromised regardless of PFS.
- If an attacker has both the SSL private key for a host, but not a MITM
position, then it would seem that the client is safe, since the SSL key is
only used for identity and data encryption keys are negotiated separately.
PFS is obviously still a benefit in this situation (in case the attacker
can capture traffic, but not run MITM attacks), but this is independent
from the status of the SSL private key.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech