Snort mailing list archives

Re: snort ssl plug-in


From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 13 Jan 2004 15:25:58 -0500

At 05:08 AM 1/13/2004, Derya Sezen wrote:
> I wanna collect the private keys in my local trusted area & see the
> crypted traffic (I have the public keys of both sides). I think it
> is possible logically, no? Is there any Snort plug-in for that?!

*chuckle*...

If what you suggest was possible, SSL would be worthless... You need the private keys for this kind of stuff, not the public ones. The public ones are sent over the wire, so everyone in the world has those.

Once you have the private keys, you can theoretically start sniffing sessions, capturing session keys (which are for symmetric ciphers, thus are neither a public nor private key, but instead are secret keys).


Did you actually mean you have the SSL private keys for both sides, or do you only have the public ones, which any joe in the world could have?

If you only have the public keys, start cracking them to derive the private keys, and don't expect to get anywhere in the next several years.
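
The point made in the reply above, as an added example that is not part of the original message or of Snort: a toy RSA key exchange in which a passive sensor can recover the session key only with the server's private exponent. The key size, the key derivation, the XOR record cipher and all sample values are constructed simplifications, not the real SSL algorithms.

```python
import hashlib
import hmac

# Constructed toy RSA key from two well-known Mersenne primes; far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                                  # public modulus, sent in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never on the wire

def session_key(premaster: int, client_random: bytes, server_random: bytes) -> bytes:
    # Simplified stand-in for the SSL key derivation (not the real PRF).
    return hmac.new(premaster.to_bytes(12, "big"), client_random + server_random,
                    hashlib.sha256).digest()

def xor_record(key: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher for records up to 32 bytes; encrypt and decrypt are the same.
    stream = hashlib.sha256(key + b"record-0").digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def simulate_capture() -> dict:
    """Everything a passive sensor sees on the wire (all values constructed)."""
    premaster = 0x0300A1B2C3D4E5F60718          # chosen by the client, never sent in clear
    client_random, server_random = b"C" * 32, b"S" * 32
    key = session_key(premaster, client_random, server_random)
    return {
        "client_random": client_random,
        "server_random": server_random,
        "encrypted_premaster": pow(premaster, E, N),   # client uses the PUBLIC key
        "record": xor_record(key, b"GET /account HTTP/1.0"),
    }

def sensor_decrypt(capture: dict, exponent: int) -> bytes:
    """Try to recover the record using the given RSA exponent."""
    premaster = pow(capture["encrypted_premaster"], exponent, N)
    key = session_key(premaster, capture["client_random"], capture["server_random"])
    return xor_record(key, capture["record"])

if __name__ == "__main__":
    cap = simulate_capture()
    print("with private key:", sensor_decrypt(cap, D))
    print("with public key :", sensor_decrypt(cap, E))
```

Applying the public exponent a second time does not undo the encryption, so the sensor derives a different session key and the record stays unreadable.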




