Possibility of Man in the Middle Attack during TLS handshake
I have read through the previous discussion on the same topic here, here and a few other places. While I understand that during the course of TLS communication, a MiTM is quite not possible, what are the chances of MiTM attack during TLS handshake?
I realize that TLS client hello, server hello and the following packets sent before establishing the key cannot be encrypted. For establishing the key, TLS uses Diffie Hellman protocol. SO will the traditional Man in the Middle attack still work here?
High level view: At the end of the handshake a signature is done covering the whole handshake. This signature implicitly includes that only the server knows the private key of the certificate. Thus the signature can not be faked by a man-in-the-middle as long as the certificate was properly validated by the client.
If you need a more detailed view on how this process really works you will find lots of information on the internet.
Just a remark, DH exchange is just a way to exchange keys without knowing the private keys for encryption. There is nothing inside it to prevent MITM attack. But if the public key (for both client and server) is validated through some exchange with third party like certification authority, then now MITM attack is not possible, as end-to-end the public key has be verified, so modification in between is mathematically infeasible. Reference:
http://slideplayer.com/slide/5938889/
链接地址: http://www.djcxy.com/p/21738.html上一篇: 捕获和编辑TCP / UDP数据包
下一篇: TLS握手期间中间人攻击的可能性