[ISN] Is SSL safe?

From: InfoSec News (isnat_private)
Date: Sat Mar 22 2003 - 00:50:54 PST

    By John Leyden
    Posted: 21/03/2003
    Czech security researchers this week claimed to have uncovered
    weaknesses in SSL that might permit crackers to decipher transmissions
    over supposedly secure links.
    However, independent cryptography experts, who are studying a paper
    from Czech security outfit ICZ, are yet to verify the risk is real and
    as serious as ICZ suggests - so the research needs to be treated with
    A press release issued on behalf of Czech cryptologists Vlastimil
    Klíma and Tomáš Rosa, both of ICZ, and Ondrej Pokorný, paints a
    picture of severe problems with the SSL protocol. It states:
    "The weakness identified by the cryptologists makes it possible to
    attack the SSL/TLS (Secure Sockets Layer and Transport Layer Security)  
    protocols used as a cryptographic protection of a majority of
    electronic transactions, such as on-line purchases and e-banking, and,
    in some cases, a secured transmission of e-mails as well.
    "An attack on these protocols, as described by the team of Czech
    cryptologists, can break through the protection completely and decrypt
    protected communication. This means for clients using applications
    relying on SSL/TLS protocols that an attacker is able to retrieve
    their credit card numbers, sensitive information about their bank
    accounts and misuse confidential data from their e-mails."
    From the press release and an abstract of their paper we learn that
    the researchers have uncovered a possible means of obtaining
    cryptographic keys from a server and thereby unlocking the contents of
    a captured session. This side-channel attack, which builds on previous
    research, is explained in detail in the trio's paper, which you can
    read here [1] (PDF).
    The Czechs found "two thirds of randomly chosen Internet SSL/TLS
    servers were vulnerable" to the attack they document. Improvements to
    SSL are put forward in the paper, which, drawing as it does on complex
    mathematical analysis, doesn't lend itself to distillation into a news
    So how great a risk does the attack present to e-commerce
    To answer this question we contacted noted cryptographer Bruce
    Schneier, CTO of Counterpane Systems. Schneier wasn't available to
    provide an immediate response but told us he would be looking into the
    issue. We'll let you know what he comes up with.
    A month ago Swiss security researchers discovered an attack against
    implementations of the ubiquitous SSL protocol that could potentially
    compromise email passwords, though not ecommerce transactions.
    Writing about this attack in his Cryptogram newsletter, Schneier says
    users should be more concerned about their credit cards being lifted
    from insecure servers - rather than snapped up in transit, using
    either the Swiss or Czech attacks.
    "The real risks to personal data are the large databases at the
    endpoints, not the communications between them. I wouldn't discard SSL
    as being irrelevant, but neither would I worry very much if it could
    be attacked. Security is only as strong as the weakest link, and SSL
    is nowhere close to being the weakest link," he writes.
    [1] http://eprint.iacr.org/2003/052.pdf