Sitemap
ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Member-only story

After Schrodinger’s Cat Meet Bleichenbacher’s CAT

8 min readDec 3, 2018

--

A core weakness in TLS relates to the handshaking of the session key which is used within the tunnel. With the RSA key exchange method, the server passes its public key to the server, and the client creates a new session key and then encrypts this with the server’s public key. When returned, the server decrypts it with its private key, and both the client and server have the same symmetric key (normally using AES). This method of key passing, though, is not well liked, and only around 6% of TLS connections use the RSA key exchange method, but intruders can still use it as a downgrade attack. In TLS 1.3, the RSA key exchange method has been removed.

--

--

ASecuritySite: When Bob Met Alice
ASecuritySite: When Bob Met Alice

Published in ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Prof Bill Buchanan OBE FRSE
Prof Bill Buchanan OBE FRSE

Written by Prof Bill Buchanan OBE FRSE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.

No responses yet