When transfering data using TLS the browser and server agree the cipher suite to

Question

When transfering data using TLS the browser and server agree the cipher suite to be used - so for example this could be chosen as AES-128 and is (probably) outside of my control. If I separately encrypt a file using AES-256 and then Alice downloads this via her browser (using AES 128) have I still effectively got AES-256 security?

My reasoning goes like this: even if the AES-128 encryption on the TLS link was broken by Eve then all she would get is the AES-256 encrypted file and she would then have to break that encryption to see the plaintext.

Of course the AES-256 key is sent to Alice over a separate channel.

Explanation / Answer

Obviously, as long as the AES-128 (TLS) channel is keyed independently from the AES-256 (file encryption), the TLS encryption cannot damage the file encryption.

Let us consider what would be true if it could. If that somehow did weaken the file encryption, this would allow this attack on an encrypted file

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.