RSA Key Exchange

Previously I have written about the Secure Sockets Layer (SSL). One method that SSL uses to negotiate the encryption between client and server is the RSA Key Exchange. There are multiple modes that the RSA Key Exchange can choose for encryption. I have already described the MD5 hash function and the RC2 block cipher. Now let’s go over the other modes that the RSA Key Exchange can settle on.

A frequent choice is DES with 56-bit encryption and the SHA-1 hash function. DES stands for Data Encryption Standard. It is a cipher selected as an official Federal Information Processing Standard (FIPS). It is a symmetric algorithm, meaning that encryption and decryption use the same key. Another option is RC4, a stream cipher that has been called the most widely used software stream cipher. RC4 is also called ARC4. This cipher is used in wireless networks as well.
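To make the two ideas above concrete, here is an added example (my own code, not part of the original post) that models the RSA key exchange and then uses the negotiated symmetric key with RC4-128 and SHA-1. It assumes textbook RSA with two Mersenne primes and no PKCS#1 padding so the arithmetic stays visible, a simplified SHA-1 key derivation that stands in for the real SSL key block, and a TLS-style HMAC-SHA1 record MAC (SSL 3.0's MAC construction differs). RC4 is implemented inline because the standard library has no RC4; it was later prohibited in TLS by RFC 7465, so the point here is the structure of the exchange, not a cipher suite to deploy.

```python
"""Toy model of the SSL RSA Key Exchange followed by RC4-128 / SHA-1 records.

Added illustration, not the original post's code. All keys and randoms are
constructed here; the RSA parameters are small textbook RSA with no padding.
"""
import hashlib
import hmac
import os


# ---- Textbook RSA (assumption: Mersenne primes, no padding; illustration only)
def rsa_keygen(p=2**61 - 1, q=2**89 - 1, e=65537):
    """Return ((n, e), (n, d)). pow(e, -1, phi) needs Python 3.8+."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # works because gcd(e, phi) == 1 for these primes
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


# ---- RC4 stream cipher: the same keystream XOR encrypts and decrypts (symmetric)
class RC4:
    def __init__(self, key: bytes):
        S = list(range(256))
        j = 0
        for i in range(256):                       # key-scheduling algorithm
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0

    def crypt(self, data: bytes) -> bytes:
        """Advance the keystream; state persists across calls like a live session."""
        S, i, j = self.S, self.i, self.j
        out = bytearray()
        for b in data:
            i = (i + 1) & 0xFF
            j = (j + S[i]) & 0xFF
            S[i], S[j] = S[j], S[i]
            out.append(b ^ S[(S[i] + S[j]) & 0xFF])
        self.i, self.j = i, j
        return bytes(out)


def derive_keys(premaster, client_random, server_random):
    """Simplified stand-in for the SSL key block derivation (assumption: not the real PRF)."""
    seed = premaster + client_random + server_random
    cipher_key = hashlib.sha1(b"key" + seed).digest()[:16]   # 128-bit RC4 key
    mac_key = hashlib.sha1(b"mac" + seed).digest()           # 20-byte SHA-1 MAC key
    return cipher_key, mac_key


def rsa_key_exchange(premaster=None, client_random=None, server_random=None):
    """Model the ClientKeyExchange: the client encrypts a premaster secret under the
    server's RSA public key; only the private-key holder can recover it. Returns the
    (client_keys, server_keys) pair so a caller can confirm both sides agree."""
    pub, priv = rsa_keygen()
    client_random = client_random or os.urandom(32)
    server_random = server_random or os.urandom(32)
    premaster = premaster or os.urandom(16)                 # 128-bit, fits under n
    encrypted_premaster = rsa_encrypt(pub, int.from_bytes(premaster, "big"))
    recovered = rsa_decrypt(priv, encrypted_premaster).to_bytes(16, "big")
    return (derive_keys(premaster, client_random, server_random),
            derive_keys(recovered, client_random, server_random))


class Session:
    """One direction of an RC4-128 / SHA-1 record layer (TLS-style HMAC, simplified)."""
    def __init__(self, cipher_key, mac_key):
        self.cipher, self.mac_key, self.seq = RC4(cipher_key), mac_key, 0

    def _mac(self, plaintext):
        return hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + plaintext,
                        hashlib.sha1).digest()

    def protect(self, plaintext: bytes) -> bytes:
        record = self.cipher.crypt(plaintext + self._mac(plaintext))
        self.seq += 1
        return record

    def unprotect(self, record: bytes) -> bytes:
        data = self.cipher.crypt(record)
        plaintext, tag = data[:-20], data[-20:]
        if not hmac.compare_digest(tag, self._mac(plaintext)):
            raise ValueError("record MAC mismatch")
        self.seq += 1
        return plaintext


def demo(message=b"hello over SSL"):
    """Full flow: exchange keys, protect a record on one side, open it on the other."""
    client_keys, server_keys = rsa_key_exchange()
    client, server = Session(*client_keys), Session(*server_keys)
    return server.unprotect(client.protect(message))


def tamper_detected(message=b"hello over SSL"):
    """Flip one ciphertext bit; the SHA-1 MAC must reject the record."""
    client_keys, server_keys = rsa_key_exchange()
    client, server = Session(*client_keys), Session(*server_keys)
    record = bytearray(client.protect(message))
    record[0] ^= 0x01
    try:
        server.unprotect(bytes(record))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), tamper_detected())
```

The `Session` objects keep their RC4 state between records, so sender and receiver stay in lockstep the way a real connection does; the `tamper_detected` helper shows why a stream cipher alone is not enough and the SHA-1 MAC is part of every suite the post lists.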

Another choice is Triple DES with 168-bit encryption and SHA-1 message authentication. This method has the strongest security. However, that means it is not as fast as some other techniques. You can do the math and see that the key is three times longer than DES. It is also FIPS compliant. Triple DES is a block cipher that applies DES three times. It is designed to prevent man-in-the-middle attacks. Although it is very strong, Triple DES is being replaced by AES (Advanced Encryption Standard). SHA-1 stands for Secure Hash Algorithm 1. It was designed by the National Security Agency.

That wraps up the modes that are available under the RSA Key Exchange. I thought I would also mention that SSL can use Fortezza. That is an encryption system used by the United States government. It calls for hardware-based encryption with a classified cipher such as KEA or SKIPJACK. You get a PC card which stores the private keys on it. Like the RSA Key Exchange, Fortezza provides different modes of encryption which can be negotiated.

One cipher suite used by Fortezza is RC4 with 128-bit encryption and SHA-1. This is very strong and difficult to crack. Another suite is RC4 with 128-bit encryption, SKIPJACK, and SHA-1. This is used for classified systems. It employs a symmetric key. SKIPJACK is a replacement for DES. It is also a block cipher, and was developed by the National Security Agency.

This almost completes my overview of SSL. I wanted to get into the SSL Handshake and also the Man-in-the-Middle Attack. Perhaps I can leave those as topics for future posts.