Re: Ephemeral RSA Keys

Fri, 24 May 2002 11:26:52 -0700 

On Fri, May 24, 2002 at 10:14:40AM -0600, Joel Daniels wrote:
> >From what I understand Ephemeral Keys will keep someone who steals my
> private key from being able to decrypt my SSL communication.  He can still
> use a man-in-the-middle attack of course.
> 
> The SSL_CTX_set_options documentation says:
> 
> SSL_OP_EPHEMERAL_RSA
> 
> Always use ephemeral (temporary) RSA key when doing RSA operations (see
> SSL_CTX_set_tmp_rsa_callback(3)). According to the specifications this is
> only done, when a RSA key can only be used for signature operations (namely
> under export ciphers with restricted RSA keylength). By setting this option,
> ephemeral RSA keys are always used. This option breaks compatibility with
> the SSL/TLS specifications and may lead to interoperability problems with
> clients and should therefore never be used. Ciphers with EDH (ephemeral
> Diffie-Hellman) key exchange should be used instead.
> 
> I however am developing both the client and the server, are there any
> reasons why I should use Ephemeral RSA vs. Ephemeral DH?
> 
> Also are there any reasons why I should not use Ephemeral Keys period?

Ephemeral key improve your security due to the provided forward secrecy
you already mention. It becomes impossible for an attacker to decrypt
past communication. Future communication also stay secure as long as
the attacker can only listen. Mounting a man-in-the-middle attack may
not be too difficult, but the risk of being detected is far higher than
it is when just eavesdropping.
The price is a performance penalty.
For a discussion of ephemeral RSA vs. ephemeral DH: I don't know. When
switching from SSH-1 to SSH-2, RSA session keys were replaced with DH
ones, but that may have been for patent reasons. Maybe somebody else
can spread mor light on this point.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to