0x750 Hybrid Ciphers
A hybrid cryptosystem gets the best of both worlds. An asymmetric cipher
is used to exchange a randomly generated key that is used to encrypt the
remaining communications with a symmetric cipher. This provides the
speed and efficiency of a symmetric cipher, while solving the dilemma of
secure key exchange. Hybrid ciphers are used by most modern cryptographic
applications, such as SSL, SSH, and PGP.
Since most applications use ciphers that are resistant to cryptanalysis,
attacking the cipher usually won't work. However, if an attacker can
intercept communications between both parties and masquerade as one or the
other, the key exchange algorithm can be attacked.
0x751 Man-in-the-Middle Attacks
A man-in-the-middle (MitM) attack is a clever way to circumvent encryption.
The attacker sits between the two communicating parties, with each party
believing they are communicating with the other party, but both are
communicating with the attacker.
When an encrypted connection between the two parties is established, a
secret key is generated and transmitted using an asymmetric cipher. Usually,
this key is used to encrypt further communication between the two parties.
Since the key is securely transmitted and the subsequent traffic is secured by
the key, all of this traffic is unreadable by any would-be attacker sniffing these
packets.
However, in an MitM attack, party A believes that she is communicating
with B, and party B believes he is communicating with A, but in reality, both
are communicating with the attacker. So, when A negotiates an encrypted
connection with B, A is actually opening an encrypted connection with the
attacker, which means the attacker securely communicates with an asymmetric
cipher and learns the secret key. Then the attacker just needs to open another
encrypted connection with B, and B will believe that he is communicating
with A, as shown in the following illustration.
[Figure: The attacker sits between System A and System B, appearing to be System B on one side and System A on the other, with encrypted communication using Key 1 on one connection and Key 2 on the other. Systems A and B both believe they are communicating with each other.]
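The weakness described above lies in the key exchange, not the cipher: System A wraps its session key under whatever public key it is handed. The following added example (not code from the original text) models that step with toy textbook RSA and shows how checking the offered key against a fingerprint obtained out-of-band rejects a substituted key. All function names and key values are constructed for illustration.

```python
import hashlib
import secrets

# Toy textbook RSA on small, well-known Mersenne primes: illustration only, not secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public, private)

def fingerprint(pub):
    """Short digest of a public key, compared against a value learned out-of-band."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def unwrap_key(blob, priv):
    n, d = priv
    return pow(blob, d, n)

def client_handshake(offered_pub, pinned_fp=None):
    """System A: pick a random session key and wrap it under the offered public key.
    With a pinned fingerprint, a key that does not match is refused first."""
    if pinned_fp is not None and fingerprint(offered_pub) != pinned_fp:
        raise ValueError("public key fingerprint mismatch")
    n, e = offered_pub
    session_key = secrets.randbelow(n - 2) + 2
    return session_key, pow(session_key, e, n)

def demo():
    b_pub, b_priv = make_keypair(2**31 - 1, 2**61 - 1)   # System B (constructed)
    m_pub, m_priv = make_keypair(2**61 - 1, 2**89 - 1)   # party in the middle (constructed)

    # Unauthenticated exchange: A accepts the substituted key, so the
    # party in the middle recovers the session key exactly as B would have.
    key1, blob = client_handshake(m_pub)
    exposed = unwrap_key(blob, m_priv) == key1

    # Authenticated exchange: A pinned B's fingerprint beforehand.
    pinned = fingerprint(b_pub)
    try:
        client_handshake(m_pub, pinned)
        rejected = False
    except ValueError:
        rejected = True

    # The genuine key still passes the check and B recovers the session key.
    key, blob = client_handshake(b_pub, pinned)
    genuine_ok = unwrap_key(blob, b_priv) == key
    return exposed, rejected, genuine_ok

if __name__ == "__main__":
    print(demo())
```

The encryption is identical in both runs; only the fingerprint comparison separates the exposed session key from the rejected handshake.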