Fellow Free Software enthusiasts,

In the 15 March 2003 issue of Crypto-Gram, Bruce Schneier has some interesting comments about SSL and the way we use it, in light of the recently announced flaw in SSL.
I quote the section of his article on the topic. It makes for a pretty good read as far as security and the real world are concerned.

 --> Jijo

NB- I am forwarding the whole section on the topic, but not the issue in its entirety. This is for the benefit of the mailing list and for readability. I hope Bruce Schneier and Counterpane will forgive this. To read the entire issue and other issues, please go to the Crypto-Gram website: <http://www.counterpane.com/crypto-gram.html>.

----- Section on the SSL Flaw from Crypto-Gram of 15 March 2003 -----

Last month, a flaw in the SSL protocol made the news. Although first reported as a flaw in the protocol itself, it is actually an implementation flaw. While technically interesting, the flaw doesn't affect most people's SSL security. And even if it did compromise SSL security, it doesn't really matter.

The attack is one of a general class of side-channel attacks. The attacker can use timing variations in certain implementations of SSL to gain information about encrypted data. In some circumstances, the attacker can use the information to decrypt the data and recover the SSL password, which can then be used to compromise the entire SSL secure channel.

This is a real attack, and a good scientific result, but it's not applicable to most SSL users. For the attack to work, the SSL software needs to use a block cipher (preferably with a 64-bit block, like triple-DES) in CBC mode. The vast majority of SSL implementations default to RC4, which is not susceptible to the attack. And the attack is a man-in-the-middle attack, meaning that the attacker must be able to insert himself into the SSL connection between the client and the server; an attacker who is passively eavesdropping on the connection cannot mount the attack.
And finally, the attacker needs some special characteristics of the SSL connection to be able to form a certain sequence of messages in order for his attack to work; in most normal browsing, this just isn't going to happen.

All of this points to the attack being primarily of theoretical interest, which doesn't mean that vendors shouldn't fix their implementations. Users don't have to rush to download patches, though.

In a Reuters article on the topic, I was quoted as saying that "Nobody bothers eavesdropping on the communications while it is in transit." This isn't a misquote (grammar mistake and all). Even if SSL were irrevocably broken, it wouldn't affect Internet security very much. There are two reasons. One, SSL is almost never used in a secure manner. And two, SSL doesn't solve an important security problem.

SSL establishes a secure channel between a client and a server. In order for you, the SSL client, to ensure that the channel is secure, you need to authenticate the server. You can do this by looking at the SSL certificate (your browser allows you to do this) and making sure that the server you have established a secure channel with is the one you want to talk to. My guess is that approximately no one ever does this. I certainly never do it. This means that you are using SSL to establish a secure channel with a random person. Imagine you are sitting in a lightless room with a stranger. You know that your conversation cannot be eavesdropped on. What secrets are you going to tell the stranger? Nothing, because you have no idea who he is. SSL is kind of like that.

SSL solves the security problem of transferring sensitive information between browsers and webservers. Mostly, I see it used to protect credit card transactions; people are concerned about hackers stealing their credit card numbers as they move through the network.
By now it should be obvious that hackers don't steal credit card numbers one by one across the network; they steal them in bulk -- by the thousands or even millions -- by breaking into poorly protected networks. Many smaller e-commerce sites don't use SSL to protect their credit card transactions, and even there this kind of attack simply doesn't happen.

I admit that my Reuters quote is a bit of an overstatement. SSL is used to protect personal information between customers and online banks or brokerage houses, employees and employers, patients and insurance companies, etc., but by and large SSL is for show. The real risks to personal data are the large databases at the endpoints, not the communications between them. I wouldn't discard SSL as being irrelevant, but neither would I worry very much if it could be attacked. Security is only as strong as the weakest link, and SSL is nowhere close to being the weakest link.

The research paper:
<http://lasecwww.epfl.ch/memo_ssl.shtml>

Reuters article:
<http://story.news.yahoo.com/news?tmpl=story&ncid=582&e=1&cid=582&u=/nm/20030221/wr_nm/tech_encryption_dc>
or <http://tinyurl.com/7fpi>

Slashdot discussion:
<http://slashdot.org/article.pl?sid=03/02/20/1956229&mode=thread&tid=93&tid=172>
or <http://tinyurl.com/7fpn>

----- End forwarded message -----

--
Federico Sevilla III  : http://jijo.free.net.ph      : When we speak of free
Network Administrator : The Leather Collection, Inc. : software we refer to
GnuPG Key ID          : 0x93B746BE                   : freedom, not price.

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
