Thursday, February 17, 2005

Uh oh...

Oh boy - two posts in one day. That's a rare treat for all of you, but I absolutely have to share this:

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Don't bother reading the above unless you are in the security industry. There is only one thing you need to know: e-commerce = seriously busted. See, I am into the whole security industry thing and you don't need to be. However, when something this huge happens, you need to know about it - and perhaps the underlying technology of how it works. And this is huge.

Okay, we all remember...we probably don't remember but think we do...back when e-commerce was this huge buzzword and everyone was talking about how it was the hot next best thing? That was somewhere around 1998 and escalated into 2001. It is now 2005. In computer to human years, that is 80 total years for e-commerce.

E-commerce is based on a technology called Secure Socket Layer (SSL). SSL is called a layer because it transports data securely over the Internet using TCP/IP. TCP/IP is insecure. For instance, a Telnet session (a way to execute commands on a remote computer) used to be a great source of information for people/programs listening in on the network - you could get passwords and other sensitive data. Obviously, you would never want to do e-commerce over plain-old TCP/IP because very sensitive information such as credit card numbers are involved.

In came SSL. Or better known now as SSL/TLS (the latter being a real IETF standard while SSL was somewhat of a buggy hack that Netscape created). With SSL, information could be sent securly in the open across TCP/IP without people watching what was going on. This was great news to retailers who wanted to expand into the growing Internet.

Before e-commerce could come into play, however, people needed to be able to use their web browsers to send their credit card information over the Internet. In came HTTPS. HTTP is a standard way to communicate with a web browser to and from a web server. HTTP runs over TCP/IP (which means all plain-old HTTP traffic is insecure). All HTTPS does is inject SSL between the HTTP and TCP/IP layers. A pretty picture follows:

HTTP <-> SSL <-> TCP/IP = HTTPS

So, your web browser simply continues to talk HTTP when it talks across SSL.

Okay, this seems good and all, so what's the big deal? What if SSL is ever broken. I'm not talking about a random case here and there. I mean a real break. A fundamental break.

To understand how SSL can be broken fundamentally, you have to understand how SSL actually operates. Let's say you want to create a secure connection between you and an unknown host. It is like walking up to a complete stranger on the street and giving them your credit card. You aren't going to do that without figuring something out about the stranger first. The same thing happens with a SSL-enabled server. The first thing that happens across SSL is a handshake and key exchange.

1) The hankshake is kind of like real life. Basically to verify that the server really is a SSL server and to get some preliminary information. Namely, this information is a server certificate containing a public key.

2) Based on the server certificate's public key, a session key is created and the public part of that key is sent to the server encrypted using the server's public key. Since only the server has the private key the message can only be decrypted by the server. This is a topic suitable for a book, so I won't go into any more detail, but suffice it to say that at this point the browser has missed a fundamental flaw.

Where is the fundamental flaw? Somewhere between steps 1 and 2, the browser's SSL architecture does a security check on the certificate to verify that there is a path to a trusted root, the certificate hasn't expired, and this is the right domain. What if the certificate is ever spoofed? What if the trusted root is spoofed? Is that possible? Until today it wasn't. (If this doesn't make sense, please keep reading).

Back in August 2004, MD5 was considered broken shortly after the "rump session" at the recent security conference. At the same conference, SHA-1 was partially broken and SHA-0 completely broken. All three are cryptographic hashes. Both MD5 and SHA-1 are heavily used in e-commerce SSL server certificates (more use the latter). Therefore, both affect you as a consumer and/or server owner if they are ever publicly broken.

Let's just prove this to ourselves for a moment. Start up another browser session and go to PayPal's secure website (https://www.paypal.com/). You will notice that in the lower right corner of IE a little gold lock will appear. If you hover over it, you can see it is "128-bit secured". Now, double-click on it and a window you probably have never seen before in IE appears. Feel free to explore, but eventually come back to the next step (please don't install the certificate - they are a pain to remove). Go to the details tab. Scroll to the bottom of the list. Second from the bottom should be an entry called "Thumbprint algorithm". It will say "SHA1". This means that the certificate the server sent your browser is only as good as the strength of the cryptographic hash SHA-1. If SHA-1 is ever broken, the certificate is therefore broken. According to the rumors above, SHA-1 is broken. Therefore:

- PayPal is no longer secure.
- Your online bank is no longer secure.
- Any place you use a credit card online is no longer secure.
- VPN logins are no longer secure.
- The list goes on.

I expect that within a couple weeks/months people will start panicking when their card gets stolen from underneath them. I have a solution for that: Go shopping at your local store...those places exist for a reason.

No comments:

Post a Comment