HI I think you know what I am talking about. Well I read this about in a Paper by Scheiner "An Analysis of SSL 3.0 Protocol" Actually I am an Indian Student doing my Internship in France. We are working on extraction of Instrusion Detection Signatures from Failed Proofs of Cryptographic Protocols. FOr that I needed to know each and every thing associated with SSL and in knowing that I was trying to figure out what may be possible attacks and vulnerabilities. Please see below also:
> > >But even , SSL Encrypted web urls can be subjected to traffic > >analysis attack > >bye > >Shalendra > >Traffic analysis is possible, of course. In case of a simple >SSL protected web server the attacker can identify the server >you are talking to, and figure out the size and number of the >downloaded pages. If (s)he knows what sort of pages are on the >server (s)he may reconise which ones have been accessed. But >it's not a significant security risk in general. Yes! You are 100% right and also I did nt take this thing in account in my project since traffic analysis is passive and can be done from anywhere. But I would like to know do you have any program or script for this: since a client and a server have SSL Encrypted Communication but URL requests if encrypted using stream ciphers, we can know the length of URLs and you said intruder or third party can identify the SERVER(HOW???) and if it identifies the server and a script/program can be written to know how many pages of a given URL length, are on that sever and the attaker can figure out what sort of pages may have been accessed. Thanks for Discussion Shalendra > >Sandor > > >-- >Sandor Nagy,CISSP,Senior Software Engineer, Sophos Anti-Virus >Real Business/CBI Growing Business Awards: Company of the Year >Email: [EMAIL PROTECTED], Tel: 01235 559933, Web: >www.sophos.com > >______________________________________________________________________ >OpenSSL Project >http://www.openssl.org >User Support Mailing List >[EMAIL PROTECTED] >Automated List Manager >[EMAIL PROTECTED] _________________________________________________________ There is always a better job for you at Monsterindia.com. Go now http://monsterindia.com/rediffin/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
