3

If somebody observes a connention between client, and the server, then he can see the keys, by the following data encrypted is.

As far as I know, if I connect to a server, then it sends me some keys, and later the communication will be encoded by this key. But I dont understand, how is it possible, to make it secure from the beginning? When the client and the server initialize the connection, and choose an encryption method, then the observer can get the security keys.

Iter Ator
  • 183
  • 5

2 Answers2

5

A connection can be secure using asymmetric cryptography, even if somebody observes it from the beginning.

Why?

Asymmetric cryptography is a class of cryptographic algorithms which requires two separate keys, one of which is secret and one of which is public.

The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature. The term "asymmetric" stems from the use of different keys to perform these opposite functions, each the inverse of the other – as contrasted with conventional ("symmetric") cryptography which relies on the same key to perform both.

So if the attacker steals the public key, he would not be able to decrypt the ciphertext, because he does not have the private key, which no one else should have access to.

As pointed by @Ullrich, you can find more useful informations on How does SSL/TLS work?.

Other nice article: How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?

Lucas NN
  • 1,336
  • 8
  • 21
  • 2
    Even if you haven't exchanged keys before, you could use Diffie-Hellman to exchange a secret without an eavesdropper being able to read it. Note: Using ONLY Diffie-Hellman is not really secure, because you cannot authenticate your message. – drpexe Dec 03 '14 at 10:09
3

Asymmetric cryptography isn't the only way to set up a secure connection even though an eavesdropper is monitoring the connection. You can also use a technique such as Diffie-Hellman key exchange to agree on a shared symmetric encryption key without ever exchanging enough information for an eavesdropper to figure out what that key is.

Note that unlike asymmetric crypto (where the public keys can be exchanged out-of-band or otherwise have their ownership verified), DH key exchange is vulnerable to an active attacker who can perform a man-in-the-middle attack. On the other hand, DH key exchange can be performed between any two participants, without needing any form of prior contact, even indirect.

Mark
  • 34,513
  • 9
  • 86
  • 135