[Snort-users] Re: Snort-users digest, Vol 1 #1349 - 12 msgs

Ryan Russell ryan at ...35...
Wed Nov 28 11:30:02 EST 2001


On Wed, 28 Nov 2001, Suke Li wrote:

> RSA is an algorithm based on a one-way direction of big number
> factorization function. There is no way for anyone who can use a public
> key to get the private key. SSL is based on RSA algorithm. So, no IDS
> can decrypt the encrypted sessions in polynomial time. If the network
> traffic is heavy, how can you decrypt the sessions? That is
> impossible.

You intentionally share the private key with your IDS, which is what is
under discussion.  Snort doesn't do this currently, but it's perfectly
feasible if someone wants to add the code, and take the performance hit.
I don't think anyone is entertaining the idea of actually cracking RSA
keys with Snort. :)

					Ryan
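
The key-sharing arrangement described in the reply above, as an added example that is not part of the original post and is not Snort code: a passive sensor holding the server's RSA private key recovers the session key from a captured handshake and runs content matching on the plaintext. The toy RSA key, the SHA-256 key derivation and stream cipher, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
# Illustration only; real SSL uses PKCS#1 padding and its own key derivation.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, the value shared with the sensor

def derive_key(premaster, client_random, server_random):
    # Stand-in for the SSL master-secret derivation (assumption: one SHA-256 hash).
    return hashlib.sha256(premaster + client_random + server_random).digest()

def xor_stream(key, data):
    # Stand-in session cipher: SHA-256 in counter mode; encrypt == decrypt.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def client_session(payload):
    """Run the client side and return only what a passive tap sees on the wire."""
    client_random, server_random = secrets.token_bytes(16), secrets.token_bytes(16)
    premaster = secrets.token_bytes(16)
    key = derive_key(premaster, client_random, server_random)
    return {
        "client_random": client_random,
        "server_random": server_random,
        "encrypted_premaster": pow(int.from_bytes(premaster, "big"), E, N),
        "record": xor_stream(key, payload),
    }

def sensor_decrypt(capture, private_exponent):
    """Sensor side: recover the premaster with the shared key, then the plaintext."""
    premaster = pow(capture["encrypted_premaster"], private_exponent, N).to_bytes(16, "big")
    key = derive_key(premaster, capture["client_random"], capture["server_random"])
    return xor_stream(key, capture["record"])

def sensor_inspect(capture, private_exponent, signatures):
    """Return the content signatures that match the decrypted record."""
    plaintext = sensor_decrypt(capture, private_exponent)
    return [sig for sig in signatures if sig in plaintext]

if __name__ == "__main__":
    capture = client_session(b"GET /scripts/cmd.exe HTTP/1.0\r\n\r\n")  # constructed request
    print(sensor_inspect(capture, D, [b"cmd.exe", b"/etc/passwd"]))
```

This works only where the session key is transported under the server's RSA key; a handshake that uses ephemeral Diffie-Hellman cannot be decrypted passively from the private key.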




