Networking – Why does encryption not destroy the way networks work

Tags: encryption, networking, wep, wpa

I've a very basic understanding of how encryption works.

My knowledge so far is that of CCNA Discovery level on the Cisco courses (along with a few other things such as Steve Gibson and Leo Laporte on "Security Now" in various episodes).

My question(s) is(are):

Would encryption not break the networking concept of source IP/MAC and destination IP/MAC addresses in packets / frames?

Because…

Obviously any "unencryption"(keys) data could be sent with the data, but that would break the security, alongside switches being unable to direct data and build their MAC tables on an internal network.

Now I'll make some assumptions on what I know.
Either:

  1. Switches can use what's in the packet's encapsulated IP & MAC address header, alongside the data known from prior connections, to unencrypt the packets encapsulated with the source and destination frames' MAC addresses.
  2. Routers can use what's in the packet / prior connections' packet data to unencrypt the packets encapsulated with the source and destination IP addresses.
  3. The entire concept of encryption on the internet is unworkable (obviously untrue).
  4. Source and destination MACs/IPs are sent unencrypted for encrypted packets. (If this is the case, does this mean that a man-in-the-middle could capture all data, record it, then spend as much time as they please brute forcing keys to unencrypt it?)

Or else, my assumptions are bogus for some reason (why are they bogus?).

This question is born of entirely theoretical knowledge from learning these courses, so please go into as much detail as you absolutely are willing, even if you think you're stating the obvious. I'm asking this out of purely academic reasons/intense curiosity, not because I have a practical problem.

Best Answer

Your assumption #4 is partly correct. Most often in technologies such as SSL/TLS, IP addresses & MAC addresses are sent unencrypted. More specifically, if we look at the OSI Networking Model, IP addresses are part of level 3 and MAC addresses are part of level 2, whereas SSL/TLS is at level 4. Most encryption technologies work above level 3 so that the addressing can be read by standard routers and switches.

In order to solve the man-in-the-middle problem, encryption technologies have to provide some sort of authentication before starting up an encrypted session. In the SSL/TLS example, the use of certificates provided by a trusted certificate authority (i.e. Verisign) is used for authentication.
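To make the layering point in the answer concrete, here is an added example (not part of the original answer) that builds an Ethernet II / IPv4 / TCP frame around an opaque payload and then shows what a layer-2 switch and a layer-3 router actually read: the 12 address bytes of the Ethernet header and the destination IP respectively. The payload is never parsed by either device, so it can be TLS ciphertext just as easily as cleartext. All MAC and IP addresses, port numbers, the route table and the "ciphertext" bytes are constructed for illustration; the helper names (`build_frame`, `parse_headers`, `switch_forward`, `router_next_hop`) are this example's own.

```python
"""Added example: which bytes of a frame forwarding devices read, and which
they never touch. Layout follows Ethernet II / IPv4 / TCP. All addresses,
ports and the payload below are constructed sample values."""
import ipaddress
import socket
import struct

ETHERTYPE_IPV4 = 0x0800


def ip_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words of an IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Wrap an opaque payload (cleartext or ciphertext) in Ethernet+IPv4+TCP headers."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = 20 + 20 + len(payload)          # IPv4 header + TCP header + data
    ip_no_cksum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                              64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip_no_cksum[:10] + struct.pack("!H", ip_checksum(ip_no_cksum)) + ip_no_cksum[12:]
    # Minimal TCP header: seq/ack 1, data offset 5 words, flags PSH|ACK, no checksum
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_headers(frame: bytes) -> dict:
    """Read only the addressing; the payload is sliced out untouched, never decoded."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not IPv4")
    ip = frame[14:34]
    if ip_checksum(ip) != 0:                     # a valid header sums to zero
        raise ValueError("bad IP header checksum")
    ihl = (ip[0] & 0x0F) * 4
    tcp_start = 14 + ihl
    src_port, dst_port = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
    data_off = (frame[tcp_start + 12] >> 4) * 4
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "proto": ip[9], "src_port": src_port, "dst_port": dst_port,
        "payload": frame[tcp_start + data_off:],
    }


def switch_forward(mac_table: dict, frame: bytes, in_port: int):
    """Layer-2 learning switch: uses only the first 12 bytes of the frame."""
    dst_mac, src_mac = frame[:6].hex(":"), frame[6:12].hex(":")
    mac_table[src_mac] = in_port                 # learn where the sender lives
    return mac_table.get(dst_mac, "flood")       # unknown destination: flood


def router_next_hop(routes: dict, frame: bytes) -> str:
    """Layer-3 router: longest-prefix match on the cleartext destination IP."""
    dst = ipaddress.ip_address(parse_headers(frame)["dst_ip"])
    best = max((ipaddress.ip_network(p) for p in routes if dst in ipaddress.ip_network(p)),
               key=lambda n: n.prefixlen, default=None)
    return routes[str(best)] if best else "no route"


if __name__ == "__main__":
    # Constructed: a TLS application-data record (type 0x17, version 0x0303, 32 bytes)
    ciphertext = bytes.fromhex("1703030020" + "9f" * 32)
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                        "192.0.2.10", "198.51.100.20", 51515, 443, ciphertext)
    table = {}
    print("switch:", switch_forward(table, frame, in_port=1))
    print("router:", router_next_hop({"198.51.100.0/24": "eth1", "0.0.0.0/0": "eth0"}, frame))
    hdr = parse_headers(frame)
    print("headers:", hdr["src_ip"], "->", hdr["dst_ip"], "port", hdr["dst_port"])
    print("payload passed through unchanged:", hdr["payload"] == ciphertext)
```

The switch learns and forwards from the Ethernet addresses alone; the router needs the IP header (and checks its checksum, since that is its own layer); neither ever interprets the TCP payload, which is why the TLS record inside can stay opaque to them. This is also why the answer's second paragraph matters: because the addressing is cleartext, confidentiality of the payload rests entirely on the endpoints authenticating each other before keys are agreed.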
