Bugtraq mailing list archives

Re: "The End of SSL and SSH?"

From: Kurt Seifried <listuser () seifried org>
Date: Wed, 20 Dec 2000 21:01:48 -0700

This is a short reply because I just had eye surgery and the doctor told me I was absoulutely not to use a computer.

People (ie the masses of users, you know, the people you support/etc) generally know a LOT less about security then 
your average
Bugtraq subscriber.

They by and large believe that SSL and SSH are "secure". I've had countless websites say "we are secure because we use 
SSL". Well I
think we all know better.

The main point of the article was to let people know that SSL and SSH are far from perfect, in fact I think they are 
pretty poor
because they rely so heavily on the end user (usually the weakest link). This wasn't to much of a problem till recently 
because the
availability of software to execute a man in the middle attack was not to widespread. Well Dug Song changed all that 
with dsniff
2.3. Attackers now have to know very little to execute an attack, and in many situations they probably stand a good 
chance of
succeding.

People have mentioned /etc/hosts and known_hosts. Well tiny problem, there's this desktop OS called Windows that has 
like 95% of the
market and as a rule of thumb the hosts file in Windows is usually non existent (as a rule the only entry by default is 
localhost).
Attacking these systems by dnsspoof'ing their DNS server and then proxying the connection so you can man in the middle 
isn't exactly
impossible.

We can move the problem "back" for example by using certificates for example, in theory if I create an X.509 cert 
properly on my
smartcard, and Verisign doesn't goof up on checking my identity then that X.509 cert is pretty secure, and now when I 
connect to
sites capable of taking an X.509 cert as auth it's pretty safe.

As for DNSSEC/etc yeah it's far from perfect but at least it might stop dns spoofing. I know I have no plans to fully 
populate my
/etc/hosts and synch it between all my machines somehow anytime soon.

Protocols like SRP are great, as long as you and the server already share a secret (like username/password), for things 
like SSL
where the client end has typically 0 way of proving ID I'm not sure what we can do. Now I am going to lie down in a 
dark room.

P.S. how the hell can a title on a web page be shrill?

Kurt Seifried, seifried () securityportal com
SecurityPortal - your focal point for security on the 'net

Current thread:

Re: "The End of SSL and SSH?", (continued)
- - - Re: "The End of SSL and SSH?" Stefan Monnier (Dec 20)
    - Re: "The End of SSL and SSH?" Brett Glass (Dec 20)
    - Re: "The End of SSL and SSH?" Crispin Cowan (Dec 20)
    - Re: "The End of SSL and SSH?" Ajax (Dec 20)
    - Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
    - Re: "The End of SSL and SSH?" Damien Miller (Dec 21)
    - Re: "The End of SSL and SSH?" Ryan Russell (Dec 21)
    - Re: "The End of SSL and SSH?" Michael H. Warfield (Dec 20)
  - Re: "The End of SSL and SSH?" Alfred Perlstein (Dec 20)
    - Re: "The End of SSL and SSH?" Perry E. Metzger (Dec 21)
  - Re: "The End of SSL and SSH?" Kurt Seifried (Dec 21)
    - Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
    - Re: "The End of SSL and SSH?" Samuele Giovanni Tonon (Dec 21)
    - Re: "The End of SSL and SSH?" - mongo followup Kurt Seifried (Dec 24)
    - Re: "The End of SSL and SSH?" Adrian Close (Dec 22)
  - Re: "The End of SSL and SSH?" Martin Rex (Dec 21)
    - Re: "The End of SSL and SSH?" Darren Reed (Dec 21)
    - Re: "The End of SSL and SSH?" Klaus Moeller (Dec 22)
  - Re: "The End of SSL and SSH?" Adam Shostack (Dec 21)