
# Can't understand this cryptographic scenario

Assume that two parties already have access to a shared secret and that they have each other's public key. Why is it still good practice to regularly re-negotiate new session keys for continued negotiation under such circumstances? What are the several potential attacks and conditions that are mitigated by this approach?

Commented:
Any cryptographic algorithm is a sequence of mathematical relationships which is known to everybody. So theoretically speaking you can still break them; only time matters. Now if a long conversation uses the same key, there is a chance that the intruder might be *lucky* to break 'em while the data's importance is still valid.

On the other hand, if the actual keys are not used but they are used only to *create* session keys which are renegotiated at a fixed interval, then cracking this becomes difficult.

For example, if I speak for 4 hours using 1 key, all I need to crack is the full traffic and find out this one key.

If I speak for 4 hours using 4 keys renegotiated at 1-hour intervals, then it becomes full traffic and find out 4 keys.

Hope this helps.

Cheers,
Rajesh


Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
That pretty much sums it up. There is also the possibility of a man-in-the-middle attack and key replay; it definitely helps with key replay, but not so much with MTM.
http://en.wikipedia.org/wiki/Anti-replay http://en.wikipedia.org/wiki/Replay_attack (man in the middle isn't always a key replay)
-rich
Commented:
Because you use your session key (shared secret is just for authentication) to encrypt traffic. If it is compromised in some way, your encryption is useless. Having the same key for a long time lets people sniffing you have a lot of packets encrypted with the same key, which gives him a lot of information to statistically try to get the key. If you change the key in short periods of time, he has to start again and again...
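
The scheme the answers above describe, where the long-term secret is used only to create session keys that are renegotiated at a fixed interval, sketched as an added example that is not part of the original thread. The HMAC-based derivation, the nonce exchange and all function names are assumptions made for illustration; messages are authenticated rather than encrypted so that only the Python standard library is needed.

```python
import hashlib
import hmac
import os

def derive_session_key(shared_secret: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    # The long-term secret is only the HMAC key that *creates* session keys;
    # it never protects traffic directly (assumed derivation, for illustration).
    return hmac.new(shared_secret, b"session-key|" + nonce_a + nonce_b, hashlib.sha256).digest()

def tag(session_key: bytes, seq: int, payload: bytes) -> bytes:
    # Per-message MAC over the in-session sequence number and the payload.
    return hmac.new(session_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def accept(session_key: bytes, seq: int, payload: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(tag(session_key, seq, payload), mac)

def conversation(shared_secret: bytes, hours: int, rekey_every: int, msgs_per_hour: int = 3):
    """Simulate the traffic an eavesdropper records: (hour, seq, payload, mac)."""
    keys, records, key, seq = [], [], None, 0
    for hour in range(hours):
        if hour % rekey_every == 0:
            # Renegotiation: each side contributes a fresh random nonce.
            key = derive_session_key(shared_secret, os.urandom(16), os.urandom(16))
            keys.append(key)
            seq = 0  # the sequence counter restarts with every new session
        for n in range(msgs_per_hour):
            payload = b"hour %d message %d" % (hour, n)  # constructed sample traffic
            records.append((hour, seq, payload, tag(key, seq, payload)))
            seq += 1
    return keys, records

def exposed_by(leaked_key: bytes, records) -> int:
    """How many recorded messages one leaked session key covers."""
    return sum(accept(leaked_key, seq, payload, mac) for _, seq, payload, mac in records)

def replay_accepted(keys, records) -> bool:
    """Replay the very first recorded message into the most recent session."""
    _, seq, payload, mac = records[0]
    return accept(keys[-1], seq, payload, mac)

if __name__ == "__main__":
    secret = os.urandom(32)  # constructed long-term shared secret
    for label, every in (("one key for 4 hours", 4), ("rekey every hour", 1)):
        keys, records = conversation(secret, hours=4, rekey_every=every)
        print(label, "| keys:", len(keys),
              "| covered by one leaked key:", exposed_by(keys[0], records), "of", len(records),
              "| old message replays into last session:", replay_accepted(keys, records))
```

With a single key, one leak covers all 12 recorded messages and an old message still verifies hours later; with hourly renegotiation, one leak covers only the 3 messages of its own hour and the replayed message fails verification under the newer key.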