From: Mike Shaw (mshawwwisp.com)
Date: Mon Jan 07 2002 - 11:37:55 CST


    If you're talking about SSL encryption, then just read up on public/private
    key encryption. The dance goes something like this:

    1) server sends public key to client
    2) client creates session master key, encrypts it with server public key
    and sends it back
    3) communication commences with session key

    It's more complex than that, but that's a basic gist.

    Note that sniffing that session gives you no playback information, because
    you never know the session master key.

    Pick up Applied Cryptography by Schneier. And look at
    http://www.rsasecurity.com/rsalabs/faq/index.html for starters.

    -Mike

    At 03:34 PM 1/4/2002 -0800, Andrew Langton wrote:
    >One thing I've never had properly explained to me:
    >
    >If a hacker was sitting in a web cafe sniffing all the traffic, and captured
    >the entire stream of data from the person connecting to the OWA server,
    >couldn't they just replay the information to decrypt the data arriving at
    >the client? I've been told no, but I haven't found anything/anyone that
    >explains why not.
    >
    >Surely to negotiate a method of encryption that the client can decrypt,
    >information must be passed between the systems that the wily hx0r d00d can
    >use to decrypt or replay the session...(?)
    >
    >Cheers
    >Andrew
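
Added example, not part of the original thread: a toy Python model of the three-step exchange described in the reply, showing that a sniffer's capture holds no session key and that replaying it to the server fails. It goes slightly beyond the post by including the per-connection random values that real SSL mixes into the key; the tiny textbook-RSA key, the SHA-256 key derivation, and all function and class names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
# Far too weak for real use; it only stands in for the server's key pair.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                           # public modulus (sent to the client)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (never leaves the server)

def derive_key(pre_master, client_random, server_random):
    # Assumption: SHA-256 stands in for the real SSL key-derivation function.
    return hashlib.sha256(pre_master + client_random + server_random).digest()

def finished(key):
    # Proof of key possession, loosely modelled on the SSL Finished message.
    return hmac.new(key, b"finished", hashlib.sha256).digest()

class Server:
    def hello(self):
        self.server_random = secrets.token_bytes(16)   # fresh per connection
        return self.server_random

    def key_exchange(self, client_random, enc_pre_master):
        pre_master = pow(enc_pre_master, D, N).to_bytes(16, "big")
        return derive_key(pre_master, client_random, self.server_random)

def client_handshake(server):
    client_random = secrets.token_bytes(16)
    server_random = server.hello()
    pre_master = secrets.token_bytes(16)               # step 2: session secret
    enc = pow(int.from_bytes(pre_master, "big"), E, N) # encrypted to server key
    server_key = server.key_exchange(client_random, enc)
    client_key = derive_key(pre_master, client_random, server_random)
    # Everything a sniffer on the wire sees; pre_master is not among it.
    wire = {"client_random": client_random, "server_random": server_random,
            "enc_pre_master": enc, "finished": finished(client_key)}
    return client_key, server_key, wire

def replay_accepted(server, wire):
    # The captured client messages are resent on a new connection.
    server.hello()                                     # new server_random
    key = server.key_exchange(wire["client_random"], wire["enc_pre_master"])
    return hmac.compare_digest(finished(key), wire["finished"])

if __name__ == "__main__":
    srv = Server()
    ck, sk, wire = client_handshake(srv)
    print("keys match:", ck == sk, "| replay accepted:", replay_accepted(srv, wire))
```

The replayed connection is rejected because the server derives a different key from its new random value, and without the private exponent the sniffer cannot recover the pre-master secret needed to compute either key.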