SSL, Man in the Middle attack and caching of data transfers [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

This question does not appear to be about programming within the scope defined in the help center.

Closed 8 years ago.

Improve this question

It is now possible to store long periods of vast data transfers (ie. one month of all the communication in/out of the whole country, continent etc.).

Can the SSL communication still be considered safe in these circumstances?

I am not a security expert, I am just wondering...

Let all the communication between all the subjects involved (Certification Authority and both communicating entities) be transferred over network that is being watched and all the data exchange is stored somewhere. Also consider that CA has not been breached (secure data stored in CA do not leave CA, otherwise this communication is no longer safe).

Is this communication still secure?

How long would it take to crack weak SSL certificate in case we have all the data transferred over the network available for the fastest supercomputer at the moment? (with short key, ie. 256bit with ie. 100 PFLOPS)

How long would it take for 2048bit key in case we have all the data transferred over the network available?

Thank you for answers, I am ready to modify this question if necessary (in case some text / information needs modifying to be exact enough)

Answer 1

Your question embodies a contradiction in terms. You can't have a man-in-the-middle attack on a stored session. A Man-in-the-middle attack occurs while the connection is up, and involves the MITM posing as the peer to both ends, which requires certificate forgery. The situation described in your question concerns post-hoc decrypting of a completed session, which at worst require brute-force iterating over the possible keys, and whose feasibility halves with every bit in the key. These are completely different attacks.