Is SSL/TLS really secure?
on 28.03.2006 06:41:51 by tomodachigai
I have a limited understanding of SSL and TLS... and internet structure
in general for that matter, so this may sound like a stupid question.
When you ping an IP, it connects to several other IPs before it reaches
its destination. So, isn't it possible for those "middle-man"
computers to record the private and public keys as they pass from my
computer to the "secure" web site? And, because the encryption methods
are well known, decrypt the information and gain access to the credit
card numbers/other secure information contained?
Sorry if the question is dumb, just hoped someone could clear it up for
me.
Re: Is SSL/TLS really secure?
on 28.03.2006 10:11:25 by Volker Birk
tomodachigai@gmail.com wrote:
[SSL and TLS]
> When you ping a ip, it connects to several other ips before it reaches
> it's destination. So, isn't it possible for those "middle-man"
> computers to record the private and public keys as they pass from my
> computer to the "secure" web site.
It is not possible, because private keys are never sent, and
public keys are public anyway ;-)
> sorry if the question is dumb, just hoped someone could clear it up for
> me.
What you seem to miss is the understanding of the idea of asymmetric
cryptography.
It works like this:
You have a key pair K1, K2. What you encrypt with K1 cannot be
decrypted with K1 any more. It can only be decrypted with K2. And vice versa,
what is encrypted with K2 can only be decrypted with K1.
So both partners have such a keypair, say Alice has K1, K2 and Bob has
L1, L2.
Now Alice keeps K1 strictly secret - it's her "private key". And Bob does
so with L1 - it's his "private" key. The other keys they make public.
Now Alice sends K2 to Bob. And Bob sends L2 to Alice. It does not matter
if somebody listens.
When Alice now wants to send a message C to Bob, she encrypts the
message with her own secret K1. So when Bob decrypts it, he knows that
this message came from Alice for sure, because this message can be decrypted
with K2, Alice's public key. And additionally, Alice encrypts the message
with the public key of Bob, L2. So this message can only be decrypted by Bob
himself - because he is the only one who has the matching private key L1.
So Alice encrypts the message C like this:
X = L2(K1(C)).
Only Bob can decrypt it, because only he has L1 to decrypt:
X' = L1(L2(K1(C))) = K1(C).
And Bob can immediately check whether this really is from Alice. Only if Alice's
public key matches will this be a sensible message:
X'' = K2(K1(C)) = C.
This is the concept of asymmetric cryptography. SSL further uses the concept
of cryptographic hashes to ensure that C really is a correct message. And,
when key exchange using such concepts is done, then the only data which is
sent usually is a key for a simple symmetric block cipher, which is used
afterwards instead of such asymmetric cryptography. The reason is speed -
this computes much faster.
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
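The X = L2(K1(C)) construction from the post above, worked through with toy numbers as an added example (not part of the thread). It uses textbook RSA on tiny constructed primes with no padding, so it shows the key relationships only; the function names are assumptions.

```python
# Toy textbook RSA to illustrate X = L2(K1(C)). NOT secure: tiny constructed
# primes, no padding. Real keys are 2048+ bits and use padded schemes.

def make_keypair(p, q, e):
    """Return (private, public), each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (d, n), (e, n)

def apply_key(key, m):
    """Apply one half of a key pair to the number m."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)

# Alice's modulus (3233) is smaller than Bob's (8633), so K1(C) always
# fits inside the range Bob's key can process.
K1, K2 = make_keypair(61, 53, 17)   # Alice: K1 private, K2 public
L1, L2 = make_keypair(89, 97, 5)    # Bob:   L1 private, L2 public

def alice_send(c):
    inner = apply_key(K1, c)        # K1(C): only Alice can produce this
    return apply_key(L2, inner)     # X = L2(K1(C)): only Bob can open this

def bob_receive(x):
    inner = apply_key(L1, x)        # X'  = L1(X) = K1(C)
    return apply_key(K2, inner)     # X'' = K2(K1(C)) = C

if __name__ == "__main__":
    c = 1234                        # constructed value, e.g. a session key
    x = alice_send(c)
    print("on the wire:", x)
    print("Bob recovers:", bob_receive(x))
    # The same half of a pair does not undo itself:
    print("K1(K1(C)) == C ?", apply_key(K1, apply_key(K1, c)) == c)
```

In the hybrid setup described at the end of the post, C would be the symmetric session key rather than the payload itself.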
Re: Is SSL/TLS really secure?
on 28.03.2006 10:58:32 by Ludovic Joly
SSL/TLS is subject to man-in-the-middle attacks.
A computer/someone on the way, that for simplicity reasons we will
consider as a proxy, can negotiate two encrypted sessions, with both
ends, and be able to read and modify all the communication.
The attack involves being on the route and using a certificate. This
certificate is generally recognized as forged by the browsers, which warn
the user about the possibility of the session being attacked. For the
funny part: the first versions of Firefox fired a warning that stated
it was very improbable that it was an attack when it actually was (this
is not true anymore).
The quality of the produced certificate is therefore essential for the
attack to be carried out. The machine/man in the middle should
impersonate the server as well as it/he can.
This leads us to think that:
- people with influence (not to mention governments) might get
beautiful certificates from CAs ("trusted" third parties) and implement
the attack *transparently*, stealing passwords for webmail, etc,
- the secrets used by CAs to generate the certificates are of
particular interest for hackers,
- other security issues regarding certificates are disturbing enough to
consider SSL as insecure for important matters.
Kind regards
Ludovic Joly
Re: Is SSL/TLS really secure?
on 28.03.2006 15:01:04 by Sebastian Gottschalk
Ludovic Joly wrote:
> - people with influence (not to mention governments) might get
> beautiful certificates from CAs ("trusted" third parties) and implement
> the attack *transparently*, stealing passwords for webmail, etc,
You don't need any influence. Obviously any random telephone caller can
get a Microsoft cert signed by Verisign.
> - other security issues regarding certificates are disturbing enough to
> consider SSL as insecure for important matters.
What other issues?
Re: Is SSL/TLS really secure?
on 28.03.2006 15:14:08 by Ludovic Joly
Sebastian Gottschalk:
>What other issues?
I hardly believe the installation of trusted certificates on client
machines is a really secure scheme - especially with end users who
don't understand what the certificates are used for.
Re: Is SSL/TLS really secure?
on 28.03.2006 16:20:06 by Sebastian Gottschalk
Ludovic Joly wrote:
> Sebastian Gottschalk:
>> What other issues?
>
> I hardly believe the installation of trusted certificates on client
> machines is a really secure scheme
It is, as long as you verify the fingerprints. This is a non-technical issue.
> especially with end users who don't understand what the certificates
> are used for.
That's a general non-technical issue. As are scumbags as CAs,
misconfiguration (e.g. allowing a NULL cipher), twisting CN and OU
fields, a compromised client...
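A sketch of the fingerprint check raised in the post above, added here and not part of the thread: a client-side pin comparison that flags a substituted certificate for a known host even when a CA has signed it. The byte strings stand in for DER-encoded certificates and are constructed; `check_pin` and the host name are assumptions.

```python
import hashlib
import hmac

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of DER certificate bytes, colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _normalize(fp: str) -> bytes:
    # Accept "AB:CD", "ab cd" or "abcd" so a pin copied from another
    # tool still compares equal.
    return fp.replace(":", "").replace(" ", "").lower().encode()

def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Return 'match', 'mismatch' or 'unknown-host' for the presented cert."""
    expected = pins.get(host)
    if expected is None:
        return "unknown-host"      # nothing to compare against: do not trust
    same = hmac.compare_digest(_normalize(expected),
                               _normalize(fingerprint(der_cert)))
    return "match" if same else "mismatch"

# Constructed stand-ins for DER bytes: same subject name, different keys.
GENUINE_CERT = b"constructed-der: CN=shop.example, public key A"
SUBSTITUTE_CERT = b"constructed-der: CN=shop.example, public key B"

# Pin recorded out of band (assumption), stored in a different text format
# than fingerprint() emits.
PINS = {"shop.example": fingerprint(GENUINE_CERT).replace(":", " ").lower()}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT),
                        ("substitute", SUBSTITUTE_CERT)):
        print(label, "->", check_pin(PINS, "shop.example", cert))
```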
Re: Is SSL/TLS really secure?
on 28.03.2006 17:32:20 by Ludovic Joly
So what?
Re: Is SSL/TLS really secure?
on 28.03.2006 17:37:02 by Sebastian Gottschalk
Ludovic Joly wrote:
> So what?
Non-technical issues are not an objective measure for the security of a
technical protocol.
Re: Is SSL/TLS really secure?
on 28.03.2006 18:06:19 by Volker Birk
Ludovic Joly wrote:
> SSL/TLS is subject to man-in-the middle attacks.
Of course, one has to check certificates.
And a web of trust is the better concept.
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
Re: Is SSL/TLS really secure?
on 28.03.2006 20:29:38 by Ludovic Joly
Sebastian Gottschalk wrote:
>Non-technical issues are not an objective measure for the security of a
>technical protocol.
We know that. But non-technical issues are at the heart of security
systems, and telling the opposite is just telling *BULLSHIT*.
Now I have an expert question for you, Sebastian Gottschalk. Would you
recommend to a group of dissidents of some country that risk years and
years in jail to use SSL for their security?
Re: Is SSL/TLS really secure?
on 28.03.2006 22:25:12 by Sebastian Gottschalk
Ludovic Joly wrote:
> Sebastian Gottschalk wrote:
>> Non-technical issues are not an objective measure for the security of a
>> technical protocol.
>
> We know that. But non-technical issues are at the heart of security
> systems, and telling the opposite is just telling *BULLSHIT*.
I didn't tell the opposite.
But I guess you're mixing a technical protocol and the system it's used in.
> Now I have an expert question for you, Sebastian Gottschalk. Would you
> recommend to a group of dissidents of some country that risk years and
> years in jail to use SSL for their security?
SSL is secure if used properly. If they know how to use it properly, the
risk is absolutely negligible. So, under that condition: Yes.
Re: Is SSL/TLS really secure?
on 29.03.2006 06:13:38 by awm
Sebastian Gottschalk wrote:
> Ludovic Joly wrote:
>> So what?
>
> Non-technical issues are not an objective measure for the security of a
> technical protocol.
But, without these administrative controls to go hand-in-hand with the
technical controls, the technical controls are worthless. After all,
key management isn't technical in nature.
--
*Adam W. Montville, CISSP*
awm@montvillearchives.net
*http://www.MontvilleArchives.net *
*ICQ: 271-685-874*
Re: Is SSL/TLS really secure?
on 29.03.2006 09:20:00 by Barry Margolin
In article <48tketFls6rlU1@news.dfncis.de>,
Sebastian Gottschalk wrote:
> Ludovic Joly wrote:
> > Sebastian Gottschalk wrote:
> >> Non-technical issues are not an objective measure for the security of a
> >> technical protocol.
> >
> > We know that. But non-technical issues are at the heart of security
> > systems, and telling the opposite is just telling *BULLSHIT*.
>
> I didn't tell the opposite.
> But I guess you're mixing a technical protocol and the system it's used in.
Of course, since proper operation is critical to security. If something
is too complicated for the intended users, it doesn't matter how
technically correct it is.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
Re: Is SSL/TLS really secure?
on 29.03.2006 12:13:28 by Ludovic Joly
Sebastian Gottschalk wrote:
>SSL is secure if used properly. If they know how to use it properly, the
>risk is absolutely negligable. So, under that condition: Yes.
Wrong. Dissidents go to jail. Dissidents do not pass Go, do not collect
$200.
SSL is not secure against adversaries with the strength of governments.
Re: Is SSL/TLS really secure?
on 29.03.2006 13:57:57 by Sebastian Gottschalk
Barry Margolin wrote:
>> But I guess you're mixing a technical protocol and the system it's used in.
>
> Of course, since proper operation is critical to security. If something
> is too complicated for the intended users, it doesn't matter how
> technically correct it is.
However, SSL is not complicated for the intended users.
Just the actual users are far more stupid than the intended users. And
the CAs are usually scumbags.
Re: Is SSL/TLS really secure?
on 29.03.2006 13:58:57 by Sebastian Gottschalk
Ludovic Joly wrote:
> Sebastian Gottschalk wrote:
>> SSL is secure if used properly. If they know how to use it properly, the
>> risk is absolutely negligable. So, under that condition: Yes.
>
> Wrong. Dissidents go to jail. Dissidents do not pass Go, do not collect
> $200.
If they go to jail, then for sure it's not because someone broke SSL,
but because someone did something more likely, like faking evidence.
> SSL is not secure against adversaries the strength of governments.
It is, if properly used.
Re: Is SSL/TLS really secure?
on 30.03.2006 19:50:14 by Wade
I think both parties are right. Governments don't need to break the
encryption head on (a frontal attack). But at the same time, I don't think
they can break the encryption unless something is configured
incorrectly (a side attack). AES 128 would take millions of
millennia to break by brute force, even at 40,000,000,000 calculations
a second, so SSL running AES 128 would not be easily broken. If a
nation-state is trying to get into the system, they have the resources
to gain access by other means. There is an elite group of hackers from
every country spending time, sifting data, mapping networks. With
enough time and energy, no system is secure from a nation state
threat, even if the system is not plugged into anything else.
The supported symmetric key algorithms in today's SSL environments are
more than adequate to mask data for as long as the data is valuable, so
long as the implementation is correct. But no data is safe from the
nation-state threat. Defense is expensive, offense is cheap.
Re: Is SSL/TLS really secure?
on 31.03.2006 07:02:02 by Volker Birk
Sebastian Gottschalk wrote:
> However, SSL is not complicated for the intended users.
Unfortunately, for most of the home users, it is.
> Just the actual users are far more stupid than the intended users. And
> the CAs are usually scumbags.
;-)
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
Re: Is SSL/TLS really secure?
on 31.03.2006 10:36:41 by Ludovic Joly
Isn't the man-in-the-middle attack, under certain circumstances,
feasible by opponents even weaker than governments, let's say for
example organized crime?
An organization with some friends at CAs and at ISPs could perform the
attack.
Re: Is SSL/TLS really secure?
on 31.03.2006 11:23:38 by Ludovic Joly
Wade:
>With enough time and energy, not system is secure from a nation state threat
Military communication systems are actually supposed to be resistant to
other states' attacks. History showed that some systems were not strong
enough, but the design tried to produce a system that would resist.
Re: Is SSL/TLS really secure?
on 31.03.2006 13:41:45 by Sebastian Gottschalk
Ludovic Joly wrote:
> Isn't the man-in-the-middle attack, under certain circumstances,
> feasible by opponents even weaker than governments, let's say for
> example organized crime?
>
> An organization with some friends at CAs and at ISPs could perform the
> attack.
You don't need any friends at CAs, because most are scumbags. May I
remind you of certain incidents:
- An unknown person acquired a certificate on the CN "Microsoft Corporation"
through an anonymous telephone call at Verisign.
- GeoTrust signed certain certificates with certain banks as OU names.
It was supposed to be an internal audit, and now they're even proud
of their achievement. Guess what? They didn't change anything about
their verification mechanism.
- GeoTrust/Equifax signed a certificate on a domain name as CU and OU
mountain-america.net (notice the dash) for a small company in Salt Lake
City. Guess what? The real Mountain America credit union running the
real mountainamerica.net is in Salt Lake City as well. Everything was
verified by Visa, obviously just by location.
- Hell, even the infamous TCPA/TCG had a lot of trouble with certs.
Having the TCPA website running with the cert of the TCG website (TCG
was refounded from members of TCPA? I would guess they just renamed! Now
they even melted both websites together...), forgetting to renew the
cert... and they like to preach that our crypto keys are safe with them.
And would you trust "AOL/Time Warner" as a CA?