Re: [HACKERS] Speed of SSL connections; cost of renegotiation
| От | Tom Lane |
|---|---|
| Тема | Re: [HACKERS] Speed of SSL connections; cost of renegotiation |
| Дата | |
| Msg-id | 16304.1050125186@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Speed of SSL connections; cost of renegotiation (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-interfaces |
Curt Sampson <cjs@cynic.net> writes:
> On Fri, 11 Apr 2003, Tom Lane wrote:
>> I realized this morning that there's probably a security tradeoff
>> involved: renegotiating the session key limits the amount of session
>> data encrypted with any one key, which is good; but each renegotiation
>> requires another use of the server key, increasing the odds that an
>> eavesdropper could break *that* (which'd let him into all sessions not
>> just the one).
> This seems extremely low-risk to me; there's very little data
> transferred using the server key.
Perhaps, but the downside if the server key is broken is much worse
than the loss if any one session key is broken. Also, I don't know
how stylized the key-renegotiation exchange is --- there might be
a substantial known-plaintext risk there.
The fact that sshd thinks it necessary to choose a new server key as
often as once an hour indicates to me that they consider the risks
nonnegligible.
regards, tom lane
В списке pgsql-interfaces по дате отправления: