> If there were gaping holes in SSL and TLS ... there'd be much bigger and
> uglier headlines about it.

I disagree. Frankly, I submit that most folks don't begin to grasp enough
of the fundamentals to even make an informed decision re: the
trustworthiness of SSL/TLS.
SSL/TLS is built on a foundation of trust & (big) random numbers.

re: Trust (Authentication; are you who you claim to be?)
This is implemented using Digital Certificates, issued by Certificate
Authorities.
- There are ~600 CAs. If any one [1] of them is hacked, it's as if they are
all hacked. There have been more than six [6] known/successful hacks of
CAs. Security pros have plausible reasons to believe that four [4] more
CAs are presently hacked ... and the CAs don't yet know it.
- Most web browsers implicitly trust 160-250 CAs. Your browser, right
now, probably trusts the Chinese Railroad and/or the Chinese/HongKong
post office. Why? Would you trust a Citibank certificate issued by the
Chinese RR? Do you even know who issues the cert for your bank? Did
you notice when it was renewed? Did the CA issuing the renewed cert
change?
- It's easy to forge digital certificates. The std allows for it - they are
"self-signed" certificates. Does anyone here, besides me, actually study
the digital certificates that are sent to their browser??? Example: A
Class-C airport that I visit, brags about offering free-WiFi for customers.
They serve-up forged (self-signed) certificates for hotmail, gmail, Yahoo
mail, Facebook, PayPal, eBay, etc. This enables whoever is providing the
forged certs to snoop SSL/TLS encrypted connections. Gulp. There are
waaay too many free hotspots up to such nonsense.
i.e. Having a little padlock displayed on the browser is no guarantee that
you are connecting to who you think you are ... ditto for "https" in the
addr bar. This isn't hard work. Heck, it's even been appliance-ized:
http://www.packetforensics.com/pfli5b.safe

re: (Pseudo) Random Numbers
Recent studies of the pseudo-random number generators (PRNGs) being
used presently, reveal that they are not random enough. This is bad.
It gives anyone trying to crack encryption a substantive head start.
Then there is the matter of size - we once thought 512-bit primes were
plenty large enough. Not any more. Academic institutions have
pre-calculated the 512-bit primes and they are avail. Ditto 768-bit
primes. Are 1024-bit primes large enough??? These are the backbone
for current certs & encryption technologies. Some CAs are now talking
publicly about offering 2048 (or 4096-bit) certificates ...
So, before I get a PM asking, "do you do on-line shopping? Banking?"
I do online shopping using a credit card issued by a bank where I have no
other accounts/business. I only do it after booting from a CD with an
image that I trust. There's that damn T-word again. <g>
I do NOT do online banking. Never. Not once. Every year, I visit my
bank(s) and give them a letter reminding them:
- No electronic banking
- In person, positive-ID match transactions only. I "test" them,
regularly, in this regard. So far, I have had cause to "fire" four
banks.
- Are you aware that many ATM cards are also debit cards? Think yours
isn't? Why? Because the min-wage teller said so? Because a brochure or
webpage said so? Test it. Please.
Can I be hacked? It's already happened; three times. Twice by bank
employees, once on PayPal ... where they overdrew the associated bank
account. Quite comforting to know that the higher-risk transactions are
firewalled from my real/regular banking & accounts.
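
The questions the post asks about certificates (who issued it, was it renewed, did the issuing CA change, is it self-signed) can be checked mechanically. The sketch below is an added example, not part of the original post: it assumes certificate dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the host name, CA names and serial numbers are constructed sample values.

```python
# Added example: track who issued each site's certificate and flag changes.
# Input dicts use the shape returned by ssl.SSLSocket.getpeercert().

def _name(rdns):
    """Flatten a getpeercert() subject/issuer tuple into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def check_cert(host, cert, seen):
    """Compare cert against the last one recorded for host; return findings."""
    subject, issuer = _name(cert["subject"]), _name(cert["issuer"])
    findings = []
    if subject == issuer:
        findings.append("self-signed")
    issuer_id = issuer.get("organizationName") or issuer.get("commonName")
    previous = seen.get(host)
    if previous is None:
        findings.append("first-seen")
    elif previous["serial"] != cert["serialNumber"]:
        findings.append("renewed")
        if previous["issuer"] != issuer_id:
            findings.append("issuer-changed")
    seen[host] = {"issuer": issuer_id, "serial": cert["serialNumber"]}
    return findings

def make_cert(cn, issuer_org, serial, self_signed=False):
    """Build a constructed sample certificate dict (not real data)."""
    subject = ((("commonName", cn),),)
    issuer = subject if self_signed else ((("organizationName", issuer_org),),)
    return {"subject": subject, "issuer": issuer, "serialNumber": serial}

def demo():
    seen = {}
    host = "bank.example"  # constructed host name
    visits = [
        make_cert(host, "Example CA One", "01"),      # first visit
        make_cert(host, "Example CA One", "01"),      # same cert again
        make_cert(host, "Example CA One", "02"),      # renewal, same CA
        make_cert(host, "Example CA Two", "03"),      # renewal, different CA
        make_cert(host, "", "04", self_signed=True),  # subject == issuer
    ]
    return [check_cert(host, cert, seen) for cert in visits]

if __name__ == "__main__":
    for findings in demo():
        print(findings or ["unchanged"])
```

`getpeercert()` returns an empty dict when certificate validation is turned off, so the dicts must come from a validated connection or from a separate certificate decoder.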