Questions tagged as ['tls']

I'm new to cryptography and I'm trying to implement a secure chat application using OpenSSL.
I want to ensure that public messages (which will be shown to all users) cannot be altered during transmission.
Does the use of an SSL connection guarantee that?
If not, would using digital signatures to sign every message so as to prove the identity of the sender be a proper solution?
TLS is the standard cryptography protocol on the internet, and many websites use it to secure their communications. However, for personal use, most people use other protocols like PGP, instead of using TLS keys/certificates.
There doesn't seem to be any reason to not use TLS for these things, or at least the encryption/signing part. The transport part of TLS isn't always needed, since people have ...
I am trying to better understand how TLS works. I understand in the normal use case you need various random values generated and used in the key exchange, to prevent some MITM reusing a previous transmission to spoof the server or the client.
However, let us assume some degenerate case where there is a single server whose single public key is already known by its clients as well as various adver ...

Is AES-CBC still vulnerable in TLS 1.2, or does the vulnerability only work for lower TLS versions? If not, why was it deleted in TLS 1.3?
Which block cipher mode of operation does TLS 1.3 use? I assume it is a block cipher mode that provides authentication (like GCM).
I have come across a two factor login mechanism using Time based OTP (TOTP). TOTP (6 digits) is shown to the user in an app.
There are two ways of logging in.
Method 1:
User inputs the username and password. Then approves the login notification received in the TOTP app. There is no need to enter the TOTP in this case.
username = username
password = password
Method 2:
User enters the concatenation of ...

Let's say I want to prove to someone that a webpage claims X. I could take a screenshot, but it could easily be doctored. However, the webpage's contents are encrypted by the domain using its private key. Is there a way to use the encrypted message to prove to someone that I haven't modified it?
I think this is possible if I generate a temporary private key and use it in the connection, then pres ...

Among the major operating systems (Windows, MacOS, Linux) or common TLS libraries (Schannel, openssl, boringssl), is there any way to pin certificates on a global level? So not just per application, but ideally system-wide, or at least for all applications using a specific library.
There is some https traffic from a specific server (for which I have the certificate and private key) that I legitimately need to be able to read.
This traffic doesn't come via a browser, so, besides the ephemeral protocol being used, using a pre-master secret key is not an option.
Is there any way it is possible to decrypt and analyze the traffic without downgrading the cipher suite to some deprecated RSA no ...
As we know, the NIST PQC project is in its 3rd round, with a draft standard expected to arrive in the next (few) year(s).
An unfortunate fact is that we're not seeing many signature schemes general-purpose enough (in the sense that the size of some of their cryptograms may be large). However, the lattice-based PKC/KEM algorithms have favorable cryptogram sizes.
In SSL/TLS, the forward secrecy feature is ...
I am reading about the logjam attack. I was asked if the attack could be prevented by checking the integrity of the Server Hello message.
My answer would be no, because the man-in-the-middle can still choose not to send the original Server Hello message and send its own instead.
From my research, it seems like the client only gets hold of the server's public key during the Server Hello message which includes the server's ...
I've run into a small issue regarding authentication between 2 services (one-way communication) using public and private key authentication (Elliptic Curve, secp256k1).
The services will communicate via a REST API over HTTPS, and the proposed implementation would be to have the client sign something with its private key, send the signature along with the rest of the data, in the authentication ...

In JKSS12, a proof for the handshake in TLS-DHE 1.2 is given, assuming (among other things) the PRF-ODH hypothesis on the PRF used to derive keys.
It is also stated that, if TLS 1.2 were to be modified to follow more closely the $\Sigma_0$ protocol from Canetti-Krawczyk, this protocol could be provably secure under a (weaker) DDH assumption instead of the PRF-ODH assumption (as it is the case for I ...
The Key Schedule in the TLS 1.3 RFC starts like this:
             0
             |
             v
   PSK ->  HKDF-Extract = Early Secret
             |
             +-----> Derive-Secret(., "ext binder" | "res binder", "")
             |                     = binder_key
             |
             +-----> Derive-Secret(., "c e traffic", ClientHello)
             |                     = ...
The TLS 1.3 RFC, section 7.1 lists this as the last part of the key schedule:
https://datatracker.ietf.org/doc/html/rfc8446#section-7.1
   ...
   0 -> HKDF-Extract = Master Secret
             |
             +-----> Derive-Secret(., "c ap traffic",
             |                     ClientHello...server Finished)
             |                     = client_application_traffic_secret_0
   ...