-
May 31st, 2002, 07:33 AM
#1
Cracking AES encryption and Diffie-Hellman key exchange algs using pkt sniffing.
I and some of my friends created a tool for secure chatting and mail transactions. For this we used AES 128-bit for data confidentiality, Diffie-Hellman key exchange algorithm for exchanging data from a central server (key distribution center) and RSA 1024-bit for authentication. Is there any possibility of getting the confidential information during the transaction by packet sniffing attacks? If so, tell me how and how to improvise the tool.
-
June 3rd, 2002, 04:52 AM
#2
Yeah, I think so, perhaps, maybe.... if your key is available publicly it *can be* edited then reposted with the edited version capable of sending duplicate messages to whoever is the snoop. But, if your name isn't one you hear on the evening news I doubt anyone is going to go to the trouble.
-
June 3rd, 2002, 04:58 AM
#3
Ahh, Whitfield Diffie. Such a pioneer.
-
June 8th, 2002, 08:32 PM
#4
Junior Member
It could be screwed up in the way that The Old Man said, but if you're using it for chatting, why not just send the key manually via the IRC client? In other words, just 'say' it in the chat room. Then just input the key after running Diffie-Hellman Key Exchange program subroutine on it and you're set.
-
June 9th, 2002, 12:36 PM
#5
Nobody knows the key, even the KDC server: as and when the key is generated it is encrypted with itself and stored in the database; this is used for transactions, not the original key, hence we do not know what the key actually is. We wrote a separate chat client and server; of course they are full of bugs.
P.S.
If anybody wants to take a look at the s/w I will send the s/w with code. Just mail me at this address: infyquest@yahoo.com
-
June 9th, 2002, 01:03 PM
#6
What if someone got into the database and reversed the encryption you mentioned?
script language="M$cript";
function beginError(bsod) {
return true; }
onLoad.windows = beginError;
-
June 9th, 2002, 10:14 PM
#7
Junior Member
Morfius: 128 bit Rijndael and 1024 bit RSA could only be broken by really powerful computers, a.k.a. an entire network of supercomputers like the NSA has. But they probably wouldn't bother cryptanalyzing a chat room LOL
I think it should probably work just fine Infyquest, if it works out send me a copy of the software (if you don't mind)
-
June 9th, 2002, 10:52 PM
#8
At first your setup sounds pretty much like SSL...
Could you elaborate on how a session is created?
Do you use private keys to encrypt session key exchange then use symmetric encryption?
Ammo
Credit travels up, blame travels down -- The Boss
-
June 10th, 2002, 08:22 AM
#9
Sounds very similar to SSL to me as well. The only time you are vulnerable to a packet sniffing attack is the time when you exchange key(s) with the other party. If you can do this safely, then your link is pretty secure, depending on the encryption method you are using for the exchange of data (but AES 128 bit is pretty secure).
-
June 11th, 2002, 07:29 AM
#10
The session key is generated like this:
when the client logs in, I mean into the server, the server generates the session key and sends it to the client in the encrypted form (which is as well stored in the DB for that user for that time) and all the transactions begin using this session key.
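The following is an added example, not part of the thread and not the poster's tool: it sketches the Diffie-Hellman plus RSA authentication arrangement discussed above, where the server signs both public values so that a value altered in transit is rejected by the client. The parameters are demo-sized, the RSA is an unpadded toy, and all function names are hypothetical.

```python
import hashlib
import secrets

# Demo-sized parameters constructed for this example; far too small for real use.
P = 2**127 - 1                      # Mersenne prime used as the DH modulus
G = 3
# Toy RSA signing key for the server, built from two known Mersenne primes.
_RSA_P, _RSA_Q = 2**61 - 1, 2**89 - 1
RSA_N = _RSA_P * _RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_RSA_P - 1) * (_RSA_Q - 1))


def _digest(*values):
    """Hash the exchanged public values into an integer below the RSA modulus."""
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2      # private exponent in 2..P-2
    return priv, pow(G, priv, P)


def server_sign(client_pub, server_pub):
    """Server signs both public values so neither can be swapped in transit."""
    return pow(_digest(client_pub, server_pub), RSA_D, RSA_N)


def client_verify(client_pub, server_pub, signature):
    return pow(signature, RSA_E, RSA_N) == _digest(client_pub, server_pub)


def session_key(own_priv, peer_pub):
    """Derive a 128-bit AES key from the DH shared secret."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(str(shared).encode()).digest()[:16]


def run_exchange(tamper=False):
    """Return (client_key, server_key), or None if the client rejects the share."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    sig = server_sign(c_pub, s_pub)
    # Only c_pub, s_pub and sig cross the wire; the private exponents never do.
    wire_s_pub = (s_pub * G) % P if tamper else s_pub
    if not client_verify(c_pub, wire_s_pub, sig):
        return None                          # client aborts the session
    return session_key(c_priv, wire_s_pub), session_key(s_priv, c_pub)
```

Real deployments would use a standardized group of at least 2048 bits and a padded signature scheme from a vetted library rather than these toy primitives.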