tex: add stuff on TLS
This commit is contained in:
parent
a057d9a0d3
commit
c8a6071b11
SSH Key Fingerprint:
SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ
42
tex/text.tex
42
tex/text.tex
@ -103,9 +103,6 @@ distribution scheme}, which allows the two parties to arrive at a shared secret
|
||||
by exchanging information via insecure channels with the presence of an
|
||||
eavesdropper.
|
||||
|
||||
\n{3}{TLS}\label{sec:tls}
|
||||
|
||||
|
||||
\n{2}{Hash functions}
|
||||
|
||||
Hash functions are cryptographic algorithms used to help with a number of
|
||||
@ -137,6 +134,45 @@ access to a password breach that contains hashes, all it takes is to find a
|
||||
match within the rainbow table and reversely resolve that to the known
|
||||
message: the password.
|
||||
|
||||
|
||||
\n{3}{TLS}\label{sec:tls}
|
||||
|
||||
The Transport Layer Security protocol (or TLS) serves as as an encryption and
|
||||
\emph{authentication} protocol to secure internet communications. An important
|
||||
part of the protocol is the \emph{handhake}, during which the two communicating
|
||||
parties exchange messages that acknowledge each other's presence, verify each
|
||||
other, choose what cryptographic algorithms will be used and decide session
|
||||
keys. As there are multiple versions of the protocol in active duty even at the
|
||||
moment, the server together with the client need to agree upon the version they
|
||||
are going to use (these days it should be 1.2 or 1.3), pick cipher suites
|
||||
(TLSv1.3 dramatically reduced the number of available suites), the client
|
||||
verifies the server's public key (and the signature of the certificate
|
||||
authority that issued it) and they both generate session keys for use after
|
||||
handshake completion.
|
||||
|
||||
The handshake consists of multiple stages (again, depending on the version), for
|
||||
TLSv1.3 that would be:
|
||||
|
||||
\begin{itemize}
|
||||
\item \textbf{Client hello}: client sends a client hello message containing
|
||||
the protocol version, a list of cipher suites and the client random value.
|
||||
The client in this step also includes the ephemeral Diffie-Helman (EDH)
|
||||
parameters, which are later used for calculating the pre-master key.
|
||||
\item \textbf{Server generating a master secret}: the server has got the
|
||||
cipher suites, the client's paramaters and client random and already has
|
||||
the server random, which means it can create the master secret.
|
||||
\item \textbf{Server hello and ``Finished''}: the server includes in the
|
||||
hello its certificate, digital signature, server random, the chosen
|
||||
cipher suite, and sends a ``Finished'' (meaning \emph{ready}) message.
|
||||
\item \textbf{Signature and certificate verification}: the client at this
|
||||
step verifies server's certificate and signature, generates the master
|
||||
secret and is ready (sends the ``Finished'' message).
|
||||
\end{itemize}
|
||||
|
||||
At the end of the process, the connection is protected by symmetric encryption
|
||||
using the session key that the both parties have arrived at.
|
||||
|
||||
|
||||
\n{1}{Passwords}\label{sec:passwords}
|
||||
|
||||
Passwords have been in use since the ancient times, apparently already the
|
||||
|
||||
Reference in New Issue
Block a user