Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

[Maxim Rise]

On Wednesday, February 1, 2017 at 10:48:52 PM UTC+2, Kyle Hamilton wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing.  If
> this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work.
> 
> Memory dumps can be created by malware.  Packet captures can be created
> by anyone who has access to what should have been (but which have been
> in practice incredibly poorly-controlled) law-enforcement-limited taps
> in intermediate routers.
> 
> Before giving any kind of assistance, I'd really want to know the
> provenance of the machine in question, the employment and role (and
> legal authority) of the investigator, suspicions as to the nature of the
> information they expect to find therein, and reasons why violating the
> sanctity of the communication might possibly be desirable.
> 
> Of course, I expect that other people don't have the same kinds of
> ethical qualms that I do.
> 
> -Kyle H
> 


On Wednesday, February 1, 2017 at 10:48:52 PM UTC+2, Kyle Hamilton wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing.  If
> this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work.
> 
> Memory dumps can be created by malware.  Packet captures can be created
> by anyone who has access to what should have been (but which have been
> in practice incredibly poorly-controlled) law-enforcement-limited taps
> in intermediate routers.
> 
> Before giving any kind of assistance, I'd really want to know the
> provenance of the machine in question, the employment and role (and
> legal authority) of the investigator, suspicions as to the nature of the
> information they expect to find therein, and reasons why violating the
> sanctity of the communication might possibly be desirable.
> 
> Of course, I expect that other people don't have the same kinds of
> ethical qualms that I do.
> 
> -Kyle H

It's my own firefox process memory dump from a virtual machine. It's for 
educational purposes.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

[Kyle Hamilton]

https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing.  If
this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work.

Memory dumps can be created by malware.  Packet captures can be created
by anyone who has access to what should have been (but which have been
in practice incredibly poorly-controlled) law-enforcement-limited taps
in intermediate routers.

Before giving any kind of assistance, I'd really want to know the
provenance of the machine in question, the employment and role (and
legal authority) of the investigator, suspicions as to the nature of the
information they expect to find therein, and reasons why violating the
sanctity of the communication might possibly be desirable.

Of course, I expect that other people don't have the same kinds of
ethical qualms that I do.

-Kyle H


On 2017-02-01 11:54, Maxim Rise wrote:
> I know about SSLKEYLOGFILE environment path, but I can't use it. I extracted 
> master secret from a memory dump and I need to unwrap it in order to use it 
> to decrypt the wireshark ssl communication.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

[Maxim Rise]

I know about SSLKEYLOGFILE environment path, but I can't use it. I extracted 
master secret from a memory dump and I need to unwrap it in order to use it to 
decrypt the wireshark ssl communication.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto