Using RSA keys, Extra Systems Cypher Net subscribers at the initial stage (procedure get_common_key) generate random byte sequences and exchange them in encrypted form. This exchange is called the prologue (further, already meaningful, communication). In the above-mentioned procedure get_common_key, the following lines are related to this process (prologue):
make_local_key(); get_hash(local_key.packed, PACKED_VALUE_LENTH / 2, local_hash); encrypt_local_key(); memcpy(socket_buffer, crypted_local_key, PACKED_VALUE_LENTH); memcpy(socket_buffer + PACKED_VALUE_LENTH, local_hash, HASH_SIZE); socket_send_buffer(socket, socket_buffer, PACKED_VALUE_LENTH + HASH_SIZE);
The size of the prologue, as is easy to see, is PACKED_VALUE_LENTH + HASH_SIZE, i.e., it depends on the bit depth of the RSA keys used (the PACKED_VALUE_LENTH parameter) and the hashing algorithm used in this particular delivery (the HASH_SIZE parameter). Thus, it can change, which would create problems for the central server in the connect_server procedure if the subscribers had not informed it of their prolog_size in advance, during the check_finger_print procedure, via the fingerprint they sent.
It is easy to see that the prologue consists of two parts: the random sequence local_key generated by the client (in the make_local_key procedure) and the hash of this sequence local_hash. In this case, the hash is calculated before the encryption of local_key, which ensures the reliability of the connection, since only the communication partner who has the private RSA key can decrypt this message, and only the subscriber to whom this partner personally gave the public key for this purpose can encrypt it. No man-in-the-middle attack is thus possible in this case.
The content of this page is also available in French, German, Ukrainian and Russian.
| © Extra Systems, 2024 |
|