I'm no expert in cryptography, but don't most versions of TLS/HTTPS use RSA for encryption? Which in turn uses the private/public key methodology to prevent such attacks?
Even in the 90s, SSL (and PGP) used hybrid encryption. The data is encrypted (and authenticated) using symmetric primitives and the symmetric keys are exchanged or established using asymmetric cryptography. Asymmetric cryptography is also used to authenticate the counterparty.
wolf550e|4 years ago
RSA encryption was popular for SSL/TLS but because it does provide forward secrecy it was deprecated. These days RSA is only used in digital signatures (which are not encryption) while key exchange is done using Diffie-Hellman (specifically ECDHE).
CBC mode cipher suites used to add up to 8 bytes of padding (for deprecated 3DES) and up to 16 bytes of padding for AES, but the MAC-then-encrypt TLS construction turned out to be very hard to implement correctly, so TLS 1.3 only allows modes based on CTR (AES-GCM, CCM and ChaCha20-Poly1305), so not even minimal padding is done.
maqp|4 years ago
"These days RSA is only used in digital signatures (which are not encryption)"
AFAIK digital signatures are created by encrypting the hash of the plaintext (be it the content of the certificate or a message or whatnot). But yeah, RSA isn't really used for key exchanges due to it lacking forward secrecy. There are exceptions to this unfortunately, such as Apple's iMessage which is decades behind in cryptographic innovation.
No AFAIK. The actual traffic is encrypted using a block cipher. Asymmetric crypto is only there to verify each peer's identity and establish a common secret for the symmetric cipher.
This is right - asymmetric crypto is awesome but just not anywhere near as fast as something like AES for chewing through chunks of data. So some anonymous asymmetric crypto (Diffie-Hellman or similar) is used to set up an encrypted channel, i.e. set up a shared AES key, and then RSA is used to verify that the entity on the other end actually holds the private key for that subdomain. After that it's AES pretty much all the way.
Yup that’s basically how it works. Usually when PFS is involved the keys are session based as opposed to using the same keypair for every session. This mitigates passive monitoring and future private key compromise/legal pressure permitting historic decryption of sniffed TLS sessions.
They use a form of key exchange (using RSA, Diffie-Hellman etc.) to transfer the (symmetric) key used by the symmetric block cipher. So typically ECDHE and AES-256-GCM, for example, so the symmetric key is wrapped.
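The hybrid construction the replies above describe, put together end to end as an added Go example that is not part of the original thread: a fresh (ephemeral) X25519 Diffie-Hellman exchange establishes the traffic key, the server's long-term RSA key is used only to sign the transcript so the client can authenticate it, and the data is then protected with AES-256-GCM. Because GCM runs AES in CTR mode, the sealed record is exactly the plaintext length plus a 16-byte tag, which is the "no padding" point made about TLS 1.3's AEAD suites. It uses only the Go standard library; HKDF is written out by hand rather than imported, and the `Handshake`/`Seal`/`Open` names, the "example traffic key" label and the sample HTTP record are assumptions made for this example, not TLS constants.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// hkdfSHA256 is HKDF (RFC 5869) written out with the standard library only:
// extract a PRK from the raw ECDH output, then expand it to keyLen bytes.
func hkdfSHA256(secret, salt, info []byte, keyLen int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(secret)
	prk := ext.Sum(nil)
	var out, prev []byte
	for i := byte(1); len(out) < keyLen; i++ {
		exp := hmac.New(sha256.New, prk)
		exp.Write(prev)
		exp.Write(info)
		exp.Write([]byte{i})
		prev = exp.Sum(nil)
		out = append(out, prev...)
	}
	return out[:keyLen]
}

// Handshake models the exchange described in the thread: each side makes a fresh
// X25519 key pair, the server signs the transcript with its long-term RSA key, the
// client verifies that signature, and each side derives the symmetric traffic key
// from its own ECDH computation. Both derived keys are returned so a caller can
// check they agree; in a real protocol neither key ever crosses the wire, and
// discarding the ephemeral keys afterwards is what gives forward secrecy.
func Handshake(serverRSA *rsa.PrivateKey) (clientKey, serverKey []byte, err error) {
	curve := ecdh.X25519()
	clientEph, err := curve.GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	serverEph, err := curve.GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	// RSA signs the transcript hash only; it never encrypts any key material.
	transcript := sha256.Sum256(append(clientEph.PublicKey().Bytes(), serverEph.PublicKey().Bytes()...))
	sig, err := rsa.SignPSS(rand.Reader, serverRSA, crypto.SHA256, transcript[:], nil)
	if err != nil { return nil, nil, err }
	// Client side: do not use the server's share until it has proved it holds the RSA key.
	if err := rsa.VerifyPSS(&serverRSA.PublicKey, crypto.SHA256, transcript[:], sig, nil); err != nil {
		return nil, nil, fmt.Errorf("server authentication failed: %w", err)
	}
	clientShared, err := clientEph.ECDH(serverEph.PublicKey())
	if err != nil { return nil, nil, err }
	serverShared, err := serverEph.ECDH(clientEph.PublicKey())
	if err != nil { return nil, nil, err }
	info := []byte("example traffic key") // assumed label for this example, not a TLS constant
	return hkdfSHA256(clientShared, transcript[:], info, 32), hkdfSHA256(serverShared, transcript[:], info, 32), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag. GCM runs
// AES in CTR mode, so there is no block padding: the ciphertext is exactly as long
// as the plaintext, plus the 16-byte tag that authenticates it and the AAD.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal and fails closed on any change to nonce, ciphertext, tag or AAD.
func Open(key, sealed, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil { return nil, err }
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() { return nil, fmt.Errorf("ciphertext too short") }
	return aead.Open(nil, sealed[:ns], sealed[ns:], aad)
}

func main() {
	serverRSA, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the key behind the server's certificate
	ck, sk, err := Handshake(serverRSA)
	if err != nil { panic(err) }
	pt := []byte("GET / HTTP/1.1\r\nHost: example.test\r\n\r\n") // constructed sample record
	sealed, _ := Seal(ck, pt, nil)
	out, err := Open(sk, sealed, nil)
	fmt.Printf("keys agree: %v; %d plaintext bytes -> %d sealed bytes (12 nonce + %d + 16 tag); decrypted ok: %v (%q)\n",
		hmac.Equal(ck, sk), len(pt), len(sealed), len(pt), err == nil, out)
}
```

Two things worth noticing when running it: each call to `Handshake` yields a different traffic key from the same RSA key, because only the ephemeral Diffie-Hellman shares feed the KDF, so compromising the RSA key later does not let anyone recover old traffic keys; and flipping any byte of the sealed record makes `Open` return an error rather than garbage, which is the "authenticated" half of the hybrid scheme.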
SAI_Peregrinus|4 years ago
s/does/doesn't/ there.
throwaway525142|4 years ago
joppy|4 years ago
beermonster|4 years ago
beermonster|4 years ago