Thread: cracking AES encryption and Diffie-Hellman key exchange algs using pkt sniffing.

  1. #1

    Some of my friends and I created a tool for secure chatting and mail transactions. For this we used AES 128-bit for data confidentiality, the Diffie-Hellman key exchange algorithm for exchanging data from a central server (key distribution center) and RSA 1024-bit for authentication. Is there any possibility of getting the confidential information during the transaction by packet sniffing attacks? If so, tell me how and how to improvise the tool.

  2. #2
    Senior Member The Old Man
    Join Date
    Aug 2001
    Posts
    364
    Yeah, I think so, perhaps, maybe.... if your key is available publicly it *can be* edited then reposted with the edited version capable of sending duplicate messages to whoever is the snoop. But, if your name isn't one you hear on the evening news I doubt anyone is going to go to the trouble.

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    Ahh, Whitfield Diffie. Such a pioneer.

  4. #4
    Junior Member
    Join Date
    May 2002
    Posts
    25
    It could be screwed up in the way that The Old Man said, but if you're using it for chatting, why not just send the key manually via the IRC client? In other words, just 'say' it in the chat room. Then just input the key after running Diffie-Hellman Key Exchange program subroutine on it and you're set.

  5. #5
    Nobody knows the key, even the KDC server. As and when the key is generated, it is encrypted with itself and stored in the database; this is used for transactions, not the original key. Hence we do not know what the key actually is. We wrote a separate chat client and server; of course they are full of bugs.
    P.S.
    If anybody wants to take a look at the s/w, I will send the s/w with code. Just mail me at this address: infyquest@yahoo.com

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    310
    What if someone got into the database and reversed the encryption you mentioned?
    script language="M$cript";
    function beginError(bsod) {
    return true; }
    onLoad.windows = beginError;

  7. #7
    Junior Member
    Join Date
    May 2002
    Posts
    25
    Morfius: 128 bit Rijndael and 1024 bit RSA could only be broken by really powerful computers, a.k.a. an entire network of supercomputers like the NSA has. But they probably wouldn't bother cryptanalyzing a chat room LOL
    I think it should probably work just fine Infyquest, if it works out send me a copy of the software (if you don't mind)

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    At first your setup sounds pretty much like SSL...

    Could you elaborate on how a session is created?
    Do you use private keys to encrypt session key exchange then use symmetric encryption?

    Ammo
    Credit travels up, blame travels down -- The Boss

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    Sounds very similar to SSL to me as well. The only time you are vulnerable to a packet sniffing attack is the time when you exchange key(s) with the other party. If you can do this safely, then your link is pretty secure, depending on the encryption method you are using for the exchange of data (but AES 128 bit is pretty secure).

  10. #10
    The session key is generated like this:
    When the client logs in (I mean into the server), the server generates the session key and sends it to the client in encrypted form (which is also stored in the DB for that user for that time), and then all the transactions begin using this session key.
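
The point raised in replies #2 and #9, as an added example that is not part of the thread or of the poster's tool: a sniffer sees only the Diffie-Hellman public values, so the exchange must also be authenticated to catch a value that was replaced in transit. HMAC with a pre-shared key stands in here for the RSA signatures the first post mentions; the group parameters, party names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo group: 2**521 - 1 is prime, but it is NOT a vetted DH group.
# Real deployments use a standardized group (e.g. RFC 3526) or X25519.
P = 2**521 - 1
G = 3
NBYTES = 66  # 521 bits rounded up to whole bytes

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)                 # only the second value is sent

def tag(auth_key, sender, pub):
    # Binds the public value to the sender's name so a tag cannot be replayed
    # in the other direction.
    msg = sender + b"|" + pub.to_bytes(NBYTES, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def derive_session_key(auth_key, my_priv, peer, peer_pub, peer_tag):
    if not 2 <= peer_pub <= P - 2:               # reject 0, 1 and P-1
        raise ValueError("degenerate public value")
    if not hmac.compare_digest(tag(auth_key, peer, peer_pub), peer_tag):
        raise ValueError("public value failed authentication")
    shared = pow(peer_pub, my_priv, P)
    # Hash the shared secret down to a 16-byte AES-128 key.
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()[:16]

def demo():
    auth_key = secrets.token_bytes(32)           # assumption: pre-shared, stands in for RSA
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    c_tag, s_tag = tag(auth_key, b"client", c_pub), tag(auth_key, b"server", s_pub)
    # A sniffer records P, G, c_pub, s_pub and both tags, never c_priv or s_priv.
    k_client = derive_session_key(auth_key, c_priv, b"server", s_pub, s_tag)
    k_server = derive_session_key(auth_key, s_priv, b"client", c_pub, c_tag)
    _, other_pub = dh_keypair()                  # value swapped in transit
    try:
        derive_session_key(auth_key, c_priv, b"server", other_pub, s_tag)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return k_client == k_server, len(k_client), tamper_detected

if __name__ == "__main__":
    print(demo())
```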
