Bugtraq mailing list archives
Re: "The End of SSL and SSH?"
From: Kurt Seifried <listuser () seifried org>
Date: Wed, 20 Dec 2000 21:01:48 -0700
This is a short reply because I just had eye surgery and the doctor told me I was absoulutely not to use a computer. People (ie the masses of users, you know, the people you support/etc) generally know a LOT less about security then your average Bugtraq subscriber. They by and large believe that SSL and SSH are "secure". I've had countless websites say "we are secure because we use SSL". Well I think we all know better. The main point of the article was to let people know that SSL and SSH are far from perfect, in fact I think they are pretty poor because they rely so heavily on the end user (usually the weakest link). This wasn't to much of a problem till recently because the availability of software to execute a man in the middle attack was not to widespread. Well Dug Song changed all that with dsniff 2.3. Attackers now have to know very little to execute an attack, and in many situations they probably stand a good chance of succeding. People have mentioned /etc/hosts and known_hosts. Well tiny problem, there's this desktop OS called Windows that has like 95% of the market and as a rule of thumb the hosts file in Windows is usually non existent (as a rule the only entry by default is localhost). Attacking these systems by dnsspoof'ing their DNS server and then proxying the connection so you can man in the middle isn't exactly impossible. We can move the problem "back" for example by using certificates for example, in theory if I create an X.509 cert properly on my smartcard, and Verisign doesn't goof up on checking my identity then that X.509 cert is pretty secure, and now when I connect to sites capable of taking an X.509 cert as auth it's pretty safe. As for DNSSEC/etc yeah it's far from perfect but at least it might stop dns spoofing. I know I have no plans to fully populate my /etc/hosts and synch it between all my machines somehow anytime soon. Protocols like SRP are great, as long as you and the server already share a secret (like username/password), for things like SSL where the client end has typically 0 way of proving ID I'm not sure what we can do. Now I am going to lie down in a dark room. P.S. how the hell can a title on a web page be shrill? Kurt Seifried, seifried () securityportal com SecurityPortal - your focal point for security on the 'net
Current thread:
- Re: "The End of SSL and SSH?", (continued)
- Re: "The End of SSL and SSH?" Stefan Monnier (Dec 20)
- Re: "The End of SSL and SSH?" Brett Glass (Dec 20)
- Re: "The End of SSL and SSH?" Crispin Cowan (Dec 20)
- Re: "The End of SSL and SSH?" Ajax (Dec 20)
- Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
- Re: "The End of SSL and SSH?" Damien Miller (Dec 21)
- Re: "The End of SSL and SSH?" Ryan Russell (Dec 21)
- Re: "The End of SSL and SSH?" Michael H. Warfield (Dec 20)
- Re: "The End of SSL and SSH?" Alfred Perlstein (Dec 20)
- Re: "The End of SSL and SSH?" Perry E. Metzger (Dec 21)
- Re: "The End of SSL and SSH?" Kurt Seifried (Dec 21)
- Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
- Re: "The End of SSL and SSH?" Samuele Giovanni Tonon (Dec 21)
- Re: "The End of SSL and SSH?" - mongo followup Kurt Seifried (Dec 24)
- Re: "The End of SSL and SSH?" Adrian Close (Dec 22)
- Re: "The End of SSL and SSH?" Darren Reed (Dec 21)
- Re: "The End of SSL and SSH?" Klaus Moeller (Dec 22)