The end of SSL & SSH?

Printable View

May 9th, 2003, 04:49 PM
Networker

The end of SSL & SSH?

Hereby an article about security and SSL/SSH written by Kurt Seifried.
http://ouah.sysdoor.net/coverstory20001218.html

The basic idea is to use dsniff to grab keys:

Quote:

Public Key Encryption
There is one fundamental problem with establishing a secure, encrypted connection over the Internet. No matter how you do it, at some point you must initiate the connection over a public and potentially hostile network. Ideally, when two hosts establish a connection, they exchange public keys using a variety of verification processes (Diffie-Hellman being an extremely popular one), and each host properly receives the other's key. Unfortunately, since this must take place over a public and usually insecure network, it is possible for an attacker to intercept the key exchange and subvert it.

I found a forum message pretty well written as a counter agument

Quote:

The problem is simply one of the user interface allowing a user to
ignore a security failure. If a remote login utility using a PKI
prompted the user with "host key is not certified, log in anyway?", it
would be no better than SSH implementations. If A kerberized remote
login utility prompted a user with "remote key is incorrect, log in
anyway", it too would be no better.

If this is truly the extent of the flaw Mr. Seifried things requires a
full PKI to fix, I'd like to know why setting isn't a near-complete fix to the "End of SSH" Mr. Seifried predicts.

What do u think, it is the end or not.
Personnaly since encryption keys may come in a not encrypted way accross the net during setup, I think the architecture is dangerous.
May 9th, 2003, 04:57 PM
slarty

You can't win however. Without a central trusted authority (like the ones for HTTPS), there is no way that a client can know whether a server is genuine. The central trusted authority model introduces a significant admin overhead and is still flawed (people have managed to obtain SSL certificates on others' behalf by social engineering).

What SSH can do is tell you if a server changes its identity, something which should not usually happen. The user can then choose to abort the connection, thus not revealing anything to a man-in-the-middle.
May 9th, 2003, 05:33 PM
SittingDuck

The classic man in the middle attack. But it is very difficult to pull off as the attacker would have to have control of router or somthing simular.

This is a very complex attack the chances of it happening to anyone of use is very remote. A much bigger problem is an employee with the company who you are send your credit card details to, stealing or copying your details down and then selling them to some else

SittingDuck
May 9th, 2003, 05:53 PM
ammo

The security of SSH, PGP, etc relies in the "off-band" validation of the signatures of the exchanged keys. In SSH for example, when you first log on to a remote server, you're prompted with the key-signature of the remote server; in theory, you would validate that signature with the administrator of the server via an "off-band" mean (ie other than the internet; by phone or snail-mail for example). The same holds with PGP public keys; recent PGP even show the key signature as a series of dictionnary words that you can easily read to someone by phone to validate. Of course, most people don't bother validating the keys, hence the security risk, but that's not really the protocol's fault, more of a human error...

Oh, and in the case of SSL (PGP does that in an un-official/decentralised way too though), validity/authenticity of keys is "transitivly verified" by a "web-of-trust". Ex: I, W, trust X who trusts Y, thus, I can trust Y.

Ammo
May 20th, 2003, 05:02 PM
journy101

A very interesting article, thanks Networker for directing me to this post.

When reading about SSL a week ago I was woundering about how these private and public keys could maybe be intercepted. Was interested in useing SSL on my server just as a learning project, I think I would learn more that way, by doing. Though curently seems my server dont suport generating certificate sign requests, so Im looking for other alternitives like freessl and openssl, or a self signed certificate.

A good read thanks for posting.
May 20th, 2003, 05:04 PM
Networker

sharing is the key!
May 20th, 2003, 05:24 PM
tampabay420

yeah, that's a pretty decent paper...
just finished reading it...
good post networker :)