m...@joachim-bauch.de wrote:
The function "ssl3_CreateECDHEphemeralKeys" in "nss/lib/ssl/ssl3ecc.c"
doesn't really create ephemeral keys, but caches the keys per curve for
the whole lifetime of the application. This leads to the same keypair
being used for all connections that use the same curve.
Is this intended or am I missing something?
This is certainly intended for performance reasons. The other side of an
ECDHE connection does not obtain any information about your private
ephemeral key, so there's no specific risk in using it for several
connections.
If an attacker obtains complete access to your local system and its
memory some time after the connection, most OSes make it quite
likely that he will be able to recover information about your private key
even if your software tried to erase it. So it won't be that
advantageous from a security point of view to erase it each time, and
you'll lose in performance. Probably the ideal compromise would be to
erase it anyway after a while, but it would be more complex.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
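To make the trade-off discussed in this reply concrete, here is an added illustration that is not NSS code and not from this thread: ECDHE on a constructed toy curve, where the server either caches one key for all connections (the behaviour asked about) or generates a fresh key per connection, followed by a count of how many recorded handshakes a later leak of the server private key still resident in memory lets someone rederive. The curve parameters, function names and the simulation are all constructed for this example.

```python
import secrets

# Constructed toy curve y^2 = x^3 + A*x + B over GF(P): far too small for real
# use, but enough to make the key-reuse effect visible. G lies on the curve.
P, A, B = 9739, 497, 1768
G = (1804, 5368)

def ec_add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def keypair():
    priv = secrets.randbelow(P - 1) + 1
    return priv, ec_mul(priv, G)

def run_handshakes(n, cache_server_key):
    """n ECDHE handshakes. Returns the session secrets, what a passive
    recorder sees (both public keys) and the server key left in memory."""
    srv_priv, srv_pub = keypair()
    shared, transcript = [], []
    for _ in range(n):
        if not cache_server_key:          # erase and regenerate per connection
            srv_priv, srv_pub = keypair()
        cli_priv, cli_pub = keypair()
        secret = ec_mul(srv_priv, cli_pub)
        assert secret == ec_mul(cli_priv, srv_pub)  # both sides agree
        shared.append(secret)
        transcript.append((srv_pub, cli_pub))
    return shared, transcript, srv_priv    # srv_priv: key still resident

def recoverable(session_secrets, transcript, leaked_priv):  # sessions rederived
    return sum(ec_mul(leaked_priv, G) == spub and ec_mul(leaked_priv, cpub) == s
               for s, (spub, cpub) in zip(session_secrets, transcript))
```

With the cached key every recorded session is recoverable from the one leaked private key; with per-connection keys only the session whose key was still in memory is, which is the forward-secrecy granularity the reply weighs against the cost of regenerating keys.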