Cryptography Reference
In-Depth Information
Analysis: The message data is typically fragmented into blocks of 2^14
bytes, after which data compression is optional. We do not describe the details of
the application of the MAC here since it is very similar to the HMAC described
in Section 7.2. The encryption is done with an SKC cipher, which can be any of
the suite of ciphers (or sets of ciphers) supported by SSL, listed below in order
of cryptographic strength. These are the cipher suites for SSL implementations
that use the RSA key-exchange algorithm.
1. Triple DES (see Section 3.2, page 131), using 168-bit encryption and SHA-1
message authentication (see page 255).
2. The only stream cipher, RC4 (see Section 3.7, page 159), using 128-bit
encryption and MD5 message authentication (see page 255). When
RC4 is used, the MAC is first computed, then the MAC and compressed
data are enciphered.
3. RC2 (a block cipher developed by Rivest for RSA Data Security), employing
128-bit encryption and MD5 message authentication.
4. DES (see Section 3.2) with 56-bit encryption and SHA-1 message
authentication.
SSL supports the above variety of cipher suites since clients and servers may
support different ciphers depending upon numerous factors.
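The record processing described above for the RC4 suite (fragment into 2^14-byte blocks, compute the MAC, then encipher the data together with the MAC), as an added Python example that is not taken from the book. Assumptions: HMAC-MD5 over a sequence number, length and fragment stands in for SSL's own MAC construction, optional compression is skipped, and the names RC4, record_mac, protect and unprotect are hypothetical.

```python
import hashlib
import hmac

MAX_FRAGMENT = 2 ** 14  # fragment size given in the text

class RC4:
    """RC4 keystream; state carries over from one record to the next."""
    def __init__(self, key):
        self.s, self.i, self.j = list(range(256)), 0, 0
        j = 0
        for i in range(256):  # key scheduling
            j = (j + self.s[i] + key[i % len(key)]) % 256
            self.s[i], self.s[j] = self.s[j], self.s[i]

    def crypt(self, data):
        out = bytearray()
        for b in data:  # XOR with keystream: same call enciphers and deciphers
            self.i = (self.i + 1) % 256
            self.j = (self.j + self.s[self.i]) % 256
            self.s[self.i], self.s[self.j] = self.s[self.j], self.s[self.i]
            out.append(b ^ self.s[(self.s[self.i] + self.s[self.j]) % 256])
        return bytes(out)

def record_mac(mac_key, seq, fragment):
    # Assumption: HMAC-MD5 over sequence number, length and data stands in for SSL's MAC.
    header = seq.to_bytes(8, "big") + len(fragment).to_bytes(2, "big")
    return hmac.new(mac_key, header + fragment, hashlib.md5).digest()

def protect(message, enc_key, mac_key):
    cipher, records = RC4(enc_key), []
    for seq, off in enumerate(range(0, len(message), MAX_FRAGMENT)):
        fragment = message[off:off + MAX_FRAGMENT]          # 1. fragment
        tag = record_mac(mac_key, seq, fragment)            # 2. MAC first
        records.append(cipher.crypt(fragment + tag))        # 3. encipher data and MAC
    return records

def unprotect(records, enc_key, mac_key):
    cipher, message = RC4(enc_key), bytearray()
    for seq, record in enumerate(records):
        plain = cipher.crypt(record)
        fragment, tag = plain[:-16], plain[-16:]            # MD5 tag is 16 bytes
        if not hmac.compare_digest(tag, record_mac(mac_key, seq, fragment)):
            raise ValueError(f"MAC check failed on record {seq}")
        message += fragment
    return bytes(message)
```

Because the MAC sits inside the ciphertext, the receiver must decipher each record before it can check integrity, which is the ordering the RC4 item describes.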
The following protocol shows how the server and client authenticate one
another, send certificates, and establish session keys. (See Section 8.5 for a
general description of the client-server model.)
The SSL Handshake Protocol
Below there are actions that are: mandatory, situation-dependent, or optional.
We will call those that are either situation-dependent or optional, merely
optional for simplification of presentation in Diagram 5.3 on page 225.
I Contact and Establish Capabilities:
1. The client sends the server a client-hello message, which contains the
following fields:
(i) The client's SSL version number (usually the highest SSL version
supported by the client).
(ii) Cipher suite (usually listed in decreasing order of preference), each
element (cipher suite) of which includes both a key-exchange
algorithm and the details of the cipher proposed. The following is the
SSL key-exchange suite of algorithms:
(a) RSA: The RSA public key of the recipient is used to encipher
the secret key, but in order to validate the process, a public-key
certificate for the recipient must be accessible.