What is RC4?
RC4 is a stream cipher
designed by Rivest for RSA Data Security (now RSA Security). It is
a variable key-size stream cipher with byte-oriented operations.
The algorithm is based on the use of a random permutation.
Analysis shows that the period of the cipher is overwhelmingly
likely to be greater than 10^100. Eight to sixteen
machine operations are required per output byte, and the cipher
can be expected to run very quickly in software. Independent
analysts have scrutinized the algorithm and it is considered
secure.
RC4 is used for file
encryption in products such as RSA SecurPC. It is also used for
secure communications, as in the encryption of traffic to and from
secure web sites using the SSL
protocol.

What is SSL?
The SSL (Secure Sockets Layer) Handshake Protocol [Hic95] was
developed by Netscape Communications Corporation to provide
security and privacy over the Internet. The protocol supports
server and client authentication. The SSL protocol is application
independent, allowing protocols like HTTP (HyperText Transfer
Protocol), FTP (File Transfer Protocol), and Telnet to be layered
on top of it transparently. Still, SSL is optimized for HTTP; for
FTP, IPSec might be preferable. The SSL protocol is able to
negotiate encryption keys as well as authenticate the server
before data is exchanged by the higher-level application. The SSL
protocol maintains the security and integrity of the transmission
channel by using encryption, authentication and message
authentication codes.

The SSL Handshake Protocol consists of two phases: server
authentication and an optional client authentication. In the first
phase, the server, in response to a client's request, sends its
certificate and its cipher preferences. The client then generates
a master key, which it encrypts with the server's public key, and
transmits the encrypted master key to the server. The server
recovers the master key and authenticates itself to the client by
returning a message authenticated with the master key. Subsequent
data is encrypted and authenticated with keys derived from this
master key. In the optional second phase, the server sends a
challenge to the client. The client authenticates itself to the
server by returning the client's digital signature on the
challenge, as well as its public-key certificate.

A variety of
cryptographic algorithms are supported by SSL. During the
"handshaking" process, the RSA public-key cryptosystem is
used. After the exchange of keys, a number of ciphers are used.
These include RC2, RC4,
IDEA, DES, and triple-DES. The MD5 message-digest algorithm is also
used. The public-key certificates follow the X.509 syntax.