[7979] in cryptography@c2.net mail archive
Re: Malign SSL server attacks
daemon@ATHENA.MIT.EDU (Rich Salz)
Thu Oct 19 00:44:48 2000
Message-ID: <39EE4374.262A7A90@caveosystems.com>
Date: Wed, 18 Oct 2000 20:42:28 -0400
From: Rich Salz <rsalz@caveosystems.com>
MIME-Version: 1.0
To: Eric Murray <ericm@lne.com>
Cc: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
> The only time the client signs something is when the
> server requests client auth. In TLS, the client signs MD5 and/or SHA1
> hashes of the TLS handshake messages that have passed between
> the client and server at that point in the protocol.
>
> In SSLv3, it signs an MD5 and/or SHA1 HMAC-like (nested hash with pads)
> of the same handshake messages.
Thanks for the detailed reply. So the question now becomes to what extent the
bad guy can control the hash, by sending fixed nonce data, silly no-op packets,
etc... Hmm.
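To make the two constructions in the quoted reply concrete, here is an added example (not code from the thread) that computes the value a client signs in its CertificateVerify message for TLS 1.0 (MD5(hs) || SHA-1(hs), RFC 2246 7.4.8) and for SSLv3 (the nested pad construction keyed with the master secret, RFC 6101 5.6.8). The handshake transcript, master secret and randoms are constructed placeholders; the last function only shows that the signed digest covers the client's own ClientHello random, so the server cannot fix the signed value by fixing its side of the handshake alone.

```python
import hashlib

# SSLv3 pad constants (RFC 6101 5.6.8): pad1 = 0x36, pad2 = 0x5c,
# repeated 48 times for MD5 and 40 times for SHA-1.
PAD1, PAD2 = 0x36, 0x5C
PAD_LEN = {"md5": 48, "sha1": 40}


def handshake_message(msg_type: int, body: bytes) -> bytes:
    """Frame one Handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def tls10_certificate_verify_input(hs: bytes) -> bytes:
    """TLS 1.0: client signs MD5(hs) || SHA-1(hs) (36 bytes) over every
    handshake message exchanged so far, starting with ClientHello."""
    return hashlib.md5(hs).digest() + hashlib.sha1(hs).digest()


def _sslv3_nested(name: str, hs: bytes, master_secret: bytes) -> bytes:
    """SSLv3: hash(master_secret + pad2 + hash(hs + master_secret + pad1))."""
    n = PAD_LEN[name]
    inner = hashlib.new(name, hs + master_secret + bytes([PAD1]) * n).digest()
    return hashlib.new(name, master_secret + bytes([PAD2]) * n + inner).digest()


def sslv3_certificate_verify_input(hs: bytes, master_secret: bytes) -> bytes:
    """SSLv3: the MD5 and SHA-1 nested hashes, concatenated (36 bytes)."""
    return (_sslv3_nested("md5", hs, master_secret)
            + _sslv3_nested("sha1", hs, master_secret))


def transcript(client_random: bytes, server_random: bytes) -> bytes:
    """Constructed minimal transcript up to the point the client must sign:
    ClientHello, ServerHello, Certificate, CertificateRequest, ServerHelloDone.
    Bodies are placeholders; only the framing and the 32-byte randoms matter."""
    return b"".join([
        handshake_message(1, b"\x03\x01" + client_random + b"\x00\x00\x02\x00\x2f\x01\x00"),
        handshake_message(2, b"\x03\x01" + server_random + b"\x00\x00\x2f\x00"),
        handshake_message(11, b"\x00\x00\x00"),        # empty certificate list
        handshake_message(13, b"\x01\x01\x00\x00"),    # rsa_sign, no CA names
        handshake_message(14, b""),
    ])


def client_random_changes_signed_value(server_random: bytes, cr1: bytes, cr2: bytes) -> bool:
    """True when two transcripts that differ only in the client random yield
    different signed digests under both TLS 1.0 and SSLv3 constructions."""
    ms = b"\x11" * 48                      # constructed 48-byte master secret
    a, b = transcript(cr1, server_random), transcript(cr2, server_random)
    return (tls10_certificate_verify_input(a) != tls10_certificate_verify_input(b)
            and sslv3_certificate_verify_input(a, ms) != sslv3_certificate_verify_input(b, ms))
```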