
How does SSL handle replay attacks and password sniffing?

0 votes
5,421 views
I want to know in brief how password sniffing and replay attacks are protected in SSL.
asked Apr 15, 2014 in General by developer
    

1 Answer

0 votes

Well, the password question is easy. The password is encrypted before it leaves the computer where the password was typed in, so anyone sniffing traffic on the internet will be stopped because the password is in plain text.

To prevent replay attacks you can reference the RFC for the TLS protocol.  

http://tools.ietf.org/html/rfc4346#appendix-F.2

Outgoing data is protected with a MAC before transmission. To prevent message replay or modification attacks, the MAC is computed from the MAC secret, the sequence number, the message length, the message contents, and two fixed character strings. The message type field is necessary to ensure that messages intended for one TLS Record Layer client are not redirected to another. The sequence number ensures that attempts to delete or reorder messages will be detected. Since sequence numbers are 64 bits long, they should never overflow. Messages from one party cannot be inserted into the other's output, since they use independent MAC secrets. Similarly, the server-write and client-write keys are independent, so stream cipher keys are used only once.

answered Aug 20, 2014 by WannaBeGeekster (1,700 points)
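
The record MAC described in the RFC passage quoted above, as an added example that is not part of the original answer. It uses the TLS 1.1 formula from RFC 4346 section 6.2.3.1 with HMAC-SHA1 and omits record encryption; the Sender/Receiver classes and the secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23          # TLS ContentType for application data
TLS_1_1 = (3, 2)               # protocol version bytes for TLS 1.1


def record_mac(secret, seq, ctype, fragment):
    """HMAC over seq_num + type + version + length + fragment (RFC 4346, 6.2.3.1)."""
    header = struct.pack("!QBBBH", seq, ctype, TLS_1_1[0], TLS_1_1[1], len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()


class Sender:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def protect(self, fragment, ctype=APPLICATION_DATA):
        # The sequence number is implicit: it goes into the MAC, not onto the wire.
        mac = record_mac(self.secret, self.seq, ctype, fragment)
        self.seq += 1
        return ctype, fragment, mac


class Receiver:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def accept(self, record):
        ctype, fragment, mac = record
        expected = record_mac(self.secret, self.seq, ctype, fragment)
        if not hmac.compare_digest(mac, expected):
            return False       # TLS sends a fatal bad_record_mac alert and closes
        self.seq += 1
        return True


def demo():
    # Constructed secrets; real ones are derived from the master secret.
    client_write, server_write = b"C" * 20, b"S" * 20
    client, server_rx = Sender(client_write), Receiver(client_write)
    client_rx = Receiver(server_write)
    first, second = client.protect(b"login"), client.protect(b"pay 10")
    return {
        "in_order": server_rx.accept(first) and server_rx.accept(second),
        "replayed": server_rx.accept(second),   # receiver's counter has moved on
        "reflected": client_rx.accept(first),   # other direction uses another secret
    }
```

Because the receiver keeps its own 64-bit counter, a captured record is only valid at the one position in the stream where it was originally sent.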
