29
submitted 6 months ago by t0mri@lemmy.ml to c/security@lemmy.ml

There’s a server, a client, and a hacker in a network. For encryption, the client and the server need to share their private keys. Wouldn’t the hacker be able to grab those during their transmission and decrypt further messages as they please?

you are viewing a single comment's thread
view the rest of the comments
[-] Nomad@infosec.pub 9 points 6 months ago

Great question: it's called asymmetric cryptography for a reason.

The key pair is built by the person wanting to receive private messages. The public part is made public an can be used to encrypt messages to the owner of the private key. Without it you cant read the contents.

As this method is not really performance friendly, thus method is usually used to establish a symmetric encryption key for both parties that can't be intercepted this way.

In fact: if the attacker can switch out the public key for his own during transfer, he can use it to decrypt the messages and relay them to the first party, thereby revealing all the messages. This is called a man-in-the-middle attack. This is why authentication of the key is so important. This is usually done via a trusted third party.

Sorry to be so short, I hope I have given you enough words to Google for further reading.

this post was submitted on 28 Apr 2024
29 points (78.4% liked)

Security

5014 readers
1 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS