[18267] in bugtraq
Re: "The End of SSL and SSH?"
daemon@ATHENA.MIT.EDU (Kurt Seifried)
Thu Dec 21 12:29:22 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <014601c06b02$be8b9820$ca00030a@seifried.org>
Date: Wed, 20 Dec 2000 21:01:48 -0700
Reply-To: Kurt Seifried <listuser@seifried.org>
From: Kurt Seifried <listuser@seifried.org>
X-To: "Perry E. Metzger" <perry@PIERMONT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a short reply because I just had eye surgery and the doctor told me I was absoulutely not to use a computer.
People (ie the masses of users, you know, the people you support/etc) generally know a LOT less about security then your average
Bugtraq subscriber.
They by and large believe that SSL and SSH are "secure". I've had countless websites say "we are secure because we use SSL". Well I
think we all know better.
The main point of the article was to let people know that SSL and SSH are far from perfect, in fact I think they are pretty poor
because they rely so heavily on the end user (usually the weakest link). This wasn't to much of a problem till recently because the
availability of software to execute a man in the middle attack was not to widespread. Well Dug Song changed all that with dsniff
2.3. Attackers now have to know very little to execute an attack, and in many situations they probably stand a good chance of
succeding.
People have mentioned /etc/hosts and known_hosts. Well tiny problem, there's this desktop OS called Windows that has like 95% of the
market and as a rule of thumb the hosts file in Windows is usually non existent (as a rule the only entry by default is localhost).
Attacking these systems by dnsspoof'ing their DNS server and then proxying the connection so you can man in the middle isn't exactly
impossible.
We can move the problem "back" for example by using certificates for example, in theory if I create an X.509 cert properly on my
smartcard, and Verisign doesn't goof up on checking my identity then that X.509 cert is pretty secure, and now when I connect to
sites capable of taking an X.509 cert as auth it's pretty safe.
As for DNSSEC/etc yeah it's far from perfect but at least it might stop dns spoofing. I know I have no plans to fully populate my
/etc/hosts and synch it between all my machines somehow anytime soon.
Protocols like SRP are great, as long as you and the server already share a secret (like username/password), for things like SSL
where the client end has typically 0 way of proving ID I'm not sure what we can do. Now I am going to lie down in a dark room.
P.S. how the hell can a title on a web page be shrill?
Kurt Seifried, seifried@securityportal.com
SecurityPortal - your focal point for security on the 'net
