Questions tagged as ['tls']

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols which provide communication security (privacy and integrity) for a bidirectional data channel.
Score: 1
Does SSL connection provide integrity?

I'm new to cryptography and I'm trying to implement a secure chat application using OpenSSL.

I want to ensure that public messages (which will be shown to all users) cannot be altered during transmission.

Does the use of an SSL connection guarantee that?

If not, would using digital signatures to sign every message so as to prove the identity of the sender be a proper solution?

Score: 2
Agniva Chaudhuri
Why do people use protocols like PGP, when TLS already exists?

TLS is the standard cryptography protocol on the internet, and many websites use it to secure their communications. However, for personal use, most people use other protocols like PGP, instead of using TLS keys/certificates.

There doesn't seem to be any reason to not use TLS for these things, or at least the encryption/signing part. The transport part of TLS isn't always needed, since people have ...

Score: 0
Bondolin
Simple Key Exchange, One Server

I am trying to better understand how TLS works. I understand in the normal use case you need various random values generated and used in the key exchange, to prevent some MITM reusing a previous transmission to spoof the server or the client.

However, let us assume some degenerate case where there is a single server whose single public key is already known by its clients as well as various adver ...

Score: 0
Using AES-CBC in TLS 1.2

Is AES-CBC still vulnerable in TLS 1.2, or does the vulnerability only work for lower TLS versions? If not, why was it deleted in TLS 1.3?

Score: 2
Yotam Sofer
Which block cipher mode of operation does TLS 1.3 use?

Which block cipher mode of operation does TLS 1.3 use? I assume it is a block cipher mode that provides authentication (like GCM).

Score: 3
Yash Dhingra
Concatenation of password and TOTP - possible issues

I have come across a two-factor login mechanism using Time-based OTP (TOTP). The TOTP (6 digits) is shown to the user in an app.

There are two ways of logging in.

Method 1:

User inputs the username and password. Then approves the login notification received in the TOTP app. There is no need to enter the TOTP in this case.

username = username
password = password

Method 2:

User enters the concatenation of ...

Score: 0
Is it possible to extract a signature from a HTTPS webpage?

Let's say I want to prove to someone that a webpage claims X. I could take a screenshot, but it could easily be doctored. However, the webpage's contents are encrypted by the domain using its private key. Is there a way to use the encrypted message to prove to someone that I haven't modified it?

I think this is possible if I generate a temporary private key and use it in the connection, then pres ...

Score: 0
HPKP on OS or library level

Among the major operating systems (Windows, MacOS, Linux) or common TLS libraries (Schannel, openssl, boringssl), is there any way to pin certificates on a global level? So not just per application but ideally system-wide, or at least for all applications using a specific library.

Score: 1
Nacionarte
Read ECDHE traffic with Wireshark or the like

There is some https traffic from a specific server (for which I have the certificate and private key) that I legitimately need to be able to read.

This traffic doesn't come via a browser, so besides the ephemeral protocol being used, using a pre-master secret key is not an option.

Is there any way it is possible to decrypt and analyze the traffic without downgrading the cipher suite to some deprecated RSA no ...

Score: 2
DannyNiu
SSL/TLS Forward secrecy with 2 KEM public keys

As we know, the NIST PQC project is in its 3rd round, with a draft standard expected to arrive in the next (few) year(s).

An unfortunate fact is that we're not seeing many signature schemes general-purpose enough (in the sense that the size of some of their cryptograms may be large). However, the lattice-based PKC/KEM algorithms have favorable cryptogram sizes.

In SSL/TLS, the forward secrecy feature is ...

Score: 2
Jack
In TLS, does the client know the server's public key before starting the data exchange?

I am reading about the logjam attack. I was asked if the attack could be prevented by checking the integrity of the Server Hello message.

My answer would be no because the man-in-the-middle can still not send the original Server Hello message and send its own.

From my research, it seems like the client only gets hold of the server's public key during the Server Hello message which includes the server's ...

Score: 0
Juanjo Martinez
Authentication between two servers using PKA

I've run into a small issue regarding authentication between 2 services (one-way communication) using public and private key authentication (Elliptic Curve, secp256k1).

The services will communicate via a REST API over HTTPS, and the proposed implementation would be to have the client sign something with its private key, send the signature along with the rest of the data, in the authentication  ...

Score: 1
Security proof for TLS 1.x

In JKSS12, a proof for the handshake in TLS-DHE 1.2 is given, assuming (among other things) the PRF-ODH hypothesis on the PRF used to derive keys.

It is also stated that, if TLS 1.2 were to be modified to follow more closely the $\Sigma_0$ protocol from Canetti-Krawczyk, this protocol could be provably secure under a (weaker) DDH assumption instead of the PRF-ODH assumption (as it is the case for I ...

Score: 2
Eddie
In TLS 1.3, is the Binder Key in a non-PSK derived key schedule always a consistent value?

The Key Schedule in the TLS 1.3 RFC starts like this:

             0
             |
             v
   PSK ->  HKDF-Extract = Early Secret
             |
             +-----> Derive-Secret(., "ext binder" | "res binder", "")
             |                     = binder_key
             |
             +-----> Derive-Secret(., "c e traffic", ClientHello)
             |                     =  ...
Score: 1
Eddie
In TLS 1.3, what is the rationale for using different handshake transcripts for Resumption Master Secret vs Application Traffic Secrets?

The TLS 1.3 RFC, section 7.1 lists this as the last part of the key schedule:

https://datatracker.ietf.org/doc/html/rfc8446#section-7.1

            ...
   0 -> HKDF-Extract = Master Secret
             |
             +-----> Derive-Secret(., "c ap traffic",
             |                     ClientHello...server Finished)
             |                     = client_application_traffic_secret_0
     ...