  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 218

Can't understand this cryptographic scenario

Assume that two parties already have access to a shared secret and that they have each other’s public key. Why is it still good practice to regularly re-negotiate new session keys for continued negotiation under such circumstances? What are the several potential attacks and conditions that are mitigated by this approach?
0
Asked: shairan
3 Solutions
 
rsivanandan Commented:
Any cryptographic algorithm is a sequence of mathematical relationships which is known to everybody. So theoretically speaking you can still break them; only time matters. Now if a long conversation uses the same key, there is a chance that the intruder might be *lucky* to break 'em while the data's importance is still valid.

On the other hand, if the actual keys are not used but they are used only to *create* session keys which are renegotiated at a fixed interval, then cracking this becomes difficult.

For example, if I speak for 4 hours using 1 key, all I need to crack is the full traffic and find out this one key.

If I speak for 4 hours using 4 keys renegotiated at 1-hour intervals, then it becomes full traffic and find out 4 keys.

Hope this helps.

Cheers,
Rajesh
0
 
Rich Rumble, Security Samurai, Commented:
That pretty much sums it up. There is also the possibility of a man-in-the-middle attack and key replay. It definitely helps with key replay, but not so much with MTM.
http://en.wikipedia.org/wiki/Anti-replay
http://en.wikipedia.org/wiki/Replay_attack (man in the middle isn't always a key replay)
-rich
0
 
mahe2000 Commented:
Because you use your session key (the shared secret is just for authentication) to encrypt traffic. If it is compromised in some way, your encryption is useless. Having the same key for a long time lets people sniffing you have a lot of packets encrypted with the same key, which gives them a lot of information to statistically try to get the key. If you change the key in short periods of time, they have to start again and again...
0
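An added example, not part of any answer above: a sketch of the scheme the answers describe, where the long-term shared secret is used only to derive a fresh session key at each renegotiation and a packet captured under one key is rejected after the next rekey. The names `Channel`, `hkdf_sha256` and `demo`, the nonce exchange, and the use of an HMAC tag in place of real authenticated encryption are assumptions made for illustration.

```python
import hashlib, hmac, os

def hkdf_sha256(secret, salt, info, length=32):
    """HKDF (RFC 5869): extract a PRK, then expand it into `length` bytes."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

class Channel:
    """One endpoint; the long-term secret only derives keys, never protects traffic."""
    def __init__(self, shared_secret):
        self._secret = shared_secret
        self.epoch, self.key = 0, None

    def rekey(self, nonce_a, nonce_b):
        # Fresh nonces from both sides give every epoch an unrelated key.
        self.epoch += 1
        info = b"session key, epoch %d" % self.epoch
        self.key = hkdf_sha256(self._secret, nonce_a + nonce_b, info)
        self.sent = self.seen = 0  # sequence numbers restart with each key

    def _tag(self, seq, msg):
        return hmac.new(self.key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()

    def seal(self, msg):
        self.sent += 1
        return self.sent, msg, self._tag(self.sent, msg)

    def accept(self, seq, msg, tag):
        if not hmac.compare_digest(tag, self._tag(seq, msg)):
            return False  # forged, or sealed under another epoch's key
        if seq <= self.seen:
            return False  # replay inside the current epoch
        self.seen = seq
        return True

def demo():
    secret = os.urandom(32)  # constructed stand-in for the shared secret
    alice, bob = Channel(secret), Channel(secret)
    for ch in (alice, bob):
        ch.rekey(b"A" * 16, b"B" * 16)  # constructed nonces, epoch 1
    packet, old_key = alice.seal(b"pay 100"), bob.key
    fresh, replayed = bob.accept(*packet), bob.accept(*packet)
    for ch in (alice, bob):
        ch.rekey(b"C" * 16, b"D" * 16)  # renegotiation, epoch 2
    return fresh, replayed, bob.accept(*packet), old_key != bob.key
```

Because every session key here is derived from the same long-term secret, rekeying limits how much traffic each key protects but gives no forward secrecy; that requires an ephemeral key exchange at each renegotiation.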
