On 27-01-2011 18:27, Arno Garrels wrote:
Without the certificate(s) and private key(s) he may intercept transparently as long as he likes. When he wants to decrypt the session on the fly he has to go thru the handshake process on behave of the victim by presenting the stolen certificate(s), acting as a proxy server.
But stolen keys is your previous argument. After you have it, decoding the data is much more easy if you know how the key is used to encrypt/decrypt it. Knowing the encrypt algorithm is also important to, with brute-force, decode the data, if you just want to see what the communication is all about. That's why the security agencies don't like closed protocols.
-- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
