When we use Tor or https traffic , the encryption- decryption key has to be exchanged between the browser and the website server. Why somebody who can capture entire traffic , say ISP or somebody who controls the wifi router, cannot capture the key and hence read the actual content of the encrypted traffic ?
Asked
Active
Viewed 516 times
0
-
this link answers it in best possible manner http://security.stackexchange.com/questions/6290/how-is-it-possible-that-people-observing-an-https-connection-being-established-w – gostela Jun 12 '14 at 09:46
1 Answers
0
This is the basics of Asymmetric Key Encryption (or public key encryption). Each party has a key pair, a public key and private key.
You can encrypt data with the public key, but it can only be decrypted with the private key. Now, there is a performance hit when using public keys, so usually a symmetric key is set up. The problem is that we need to have a secure way to distribute our key. Public key cryptography is used to securely exchange that key.
In it's most simplified form, a client creates a secret key K, and encrypt this using the server's public key. Now, only the server can decrypt this, and K is used to encrypt all further traffic.
K is never transferred in clear text, so even though an ISP collects all traffic between client and server, they'll never know what K is. (That is, unless there are vulnerabilities).
As said, there's a lot more to see (SSL negotiation, etc...) when setting up an SSL tunnel, but that's the general idea.
ndrix
- 3,226
- 13
- 17