No, Websites Shouldn't Roll Their Own Encryption
from the just-use-ssl dept
Ben Adida calls out Apple for the poor security of its MobileMe web applications and AppleInsider for its misguided defense of Apple’s design. Most users know that a special “lock” icon in the corner of their browser is a signal that the contents of the current website is encrypted in transit, protecting it from third-party eavesdropping. Evidently, users of MobileMe have been alarmed that MobileMe applications don’t take advantage of this feature, even when sensitive information is being transmitted. Appleinsider says this is no big deal because Apple uses “authenticated handling of JSON data exchanges” to ensure security, and as a result SSL is unnecessary. Moreover, “if Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats.”
As Adida points out, this is way off base. A malicious individual may discover a security hole in the unencrypted part of the site that Apple’s engineers didn’t think of. Encrypting the entire session, rather than just the parts that Apple thinks are security-sensitive, provides an important extra layer of protection. There’s also a more fundamental problem with AppleInsider’s argument: without SSL, the user has no real assurances that he’s talking to Apple, rather than a third party executing a man-in-the-middle attack (perhaps using a poisoned DNS cache). SSL requires servers to present a certificate signed by a recognized certificate authority in order to prove that it’s the website it claims to be. That makes it difficult for a third party to masquerade as a legitimate SSL-encrypted website.
The scheme works because the authentication algorithm is baked into the browser and can’t be changed by the website being visited. In contrast, if the authentication is performed by JavaScript code that was supplied by the server you’re trying to authenticate, the “authentication” process is completely useless. A man-in-the-middle attacker can simply substitute his own bogus authentication script for the real one, and no one will notice the difference. So even if you have complete faith in Apple’s ability to write secure authentication algorithms, you can’t trust a non-SSL website purporting to be from Apple because there’s no way to be sure it’s actually an Apple server.
Training ordinary users to follow good security practices is notoriously difficult. Widespread user understanding and acceptance of the “lock” icon in their browsers is arguably the most significant improvement in web security since the web was created. It’s extremely counterproductive to undermine use confidence in SSL by telling users to put their faith in Apple’s magical homebrew crypto algorithms instead.
Filed Under: encryption, roll your own, ssl
Companies: apple
Comments on “No, Websites Shouldn't Roll Their Own Encryption”
JSON - Security
They’ve apparently decided that session encryption is unnecessary.
From JSON.org:
“Any time you are transmitting confidential information or requests for confidential information, use SSL. It provides link encryption so that your secrets are not revealed in transit.”
So the service is vulnerable to session hijacking. Unfortunately so are many other similar services.
Use SSL and use it properly, dammit!
The ones saying you don’t need SSL are just as clueless as those attacking Firefox for refusing to accept self-signed SSL certificates. Encryption not used properly is worthless, people!
Re: Use SSL and use it properly, dammit!
“Encryption not used properly is worthless, people!”
Encryption not used properly is worse than worthless, it’s actually dangerous because it gets people the impression that their data is actually safe.
I’m surprised that a big company like apple is doing something stupid like this.
Re: Re: Use SSL and use it properly, dammit!
I’m surprised that a big company like apple is doing something stupid like this.
the germans in WWII thought their encryption was perfect too. i wonder if that is a side effect of reality distortion fields.
Peter Gutmann once said:
“Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment.”
Re: Peter Gutmann once said:
“some sort of penis-shaped sound wave” eh?
Sounds like Peter Gutmann should come out of the closet.
Re: Peter Gutmann once said:
Re #3 .. Awww that is pretty darn funny. My coworker had to ask me what is so funny.
Re: Peter Gutmann once said:
Speaking of replacing.. err.. enhancing SSL/SSH, I just posted about Perspectives on my blog. There is also a link to the article on Ars where I came across it.
http://www.nnbfn.net/2008/08/26/additional-protection-from-man-in-the-middle-attacks/
http://arstechnica.com/news.ars/post/20080826-network-notary-system-thwarts-man-in-the-middle-attacks.html
this is only a concerno over WiFi
There is inherent encryption in the cellular network, and throught he shear amount of connections it is virtually impossible to hack a cellular data connection. I realize that SSL would be more secure, but how much is too much. There are MANY other less secure ways we give out our credentials. think of prison imates taking creditcard orders over the phone. Social hacking and the like are still the wosrt threat to personal information security.
Re: this is only a concerno over WiFi
I’m not sure what you mean by this. If you’re looking at websites on your phone, that data’s hitting the Internet at some point and any encryption inherent on the cellular network becomes inconsequential. If there’s a man-in-the-middle attack leveraging a poisoned DNS, you’re going to be giving that data to someone who isn’t who you think they are. And as most such attacks are not done manually, the fact that there are a large amount of connections isn’t a problem (so long as the hacker’s attack scales well).
Re: this is only a concerno over WiFi
And everyone always forgets about the insider… Who cares about encryption if you are on the inside of the encrypted network.
Tim, I couldn’t agree with you more. One just needs to run tcpdump with the -s0 -A switch to see what kind of data is available in plain text to understand how important SSL is. Sniff your own network and see what kind of data you are leaking out. It may surprise you.
It’s the blind faith that appleinsider affords apple that is really scarry. A lot of sites are guilty of this sort of pandering, and it’s not just apple fanboys either. When I see companies abuse the privacy of it’s cutomers then I expect those with an audience to hold there feet to the fire. Always remain skeptical, a good philosophy to live your life to. ESL
Couple of points
The little lock icon on the browser does not actually mandate encryption. It only specifies that HTTPS (HTTP over SSL) is being used as a transport. SSL V2, V3 & TLS all include two supported negotiations which provide authentication without encryption. The only way to be sure your sessions are always encrypted is to check your browser settings to ensure authentication only is disabled as a possible negotiation.
As pointed out above, the flaw in Apple’s system is that it provides encryption without any initial authentication. It relies on DNS being secure which history shows is *not* a proper assumption. Most of the industry figured out seven years ago that proprietary solutions are typically flawed. Apple needs to get with the times.
Shame on Apple, another reason to switch to Blackberry Thunderbird ….
Re: Re:
What are u saying i do not understand what u are saying can u please say it better ?
Encryption is all you need - There are different ways to implement.
SSL is not the only way to encrypt data, although, it does appear to be the only way for the user to be fully assured that their data is secured due to the presence of the lock icons and green search bars.
I can understand the developers point of view. In some cases technology won’t work as intended when you add layers that bottle neck its performance. JSON objects are just data strings and keys, if you encrypt these objects it should show up as the same garbled text as it would on SSL if someone where to sniff it out. Also, why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting. Performance is very important to Americans, we wait for nothing.
Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.
Re: Encryption is all you need - There are different ways to implement.
“…this topic is off.“
Go stuff yourself.
Re: Encryption is all you need - There are different ways to implement.
“why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting.”
I tend to agree, it just seem like bad practice. Personally I have big problems with what Apple is doing here, the only real issue I can see is it does make the ability to spoof it easier.
Re: Re: Encryption is NOT all you need
It’s not just about confidentiality (ensuring nobody else can snoop the data), it’s also about authentication (being sure the data comes from who you think it does). SSL/TLS does both. It’s common-or-garden, off-the-shelf technology. Implemented properly, it works. Use it! Don’t try reinventing your own inferior substitute!
Re: Encryption is all you need - There are different ways to implement.
If you’re asking the public to trust your home-brew encryption then I think it is incumbent on you to show that it is trustworthy, not the other way around.
Re: Re: Encryption is all you need - There are different ways to implement.
Its quite difficult to screw up PHP’s built-in encryption for example | PHP Encrypt Function | Most programming languages have Cryptography functions for this purpose. The same type used to encrypt SSL connections. You won’t know when it’s being used unless a developer tells you it is none-the-less it is still effective in preventing snoopers, although, very ineffective in proving it to the web user.
Re: Encryption is NOT all you need
Nicholas Iler spouted the following bullshit:
Unless and until you go away and read up a bit about “man-in-the-middle” attacks, you have no idea what you’re talking about.
Re: Re: Encryption is NOT all you need
Attack servers setup to fool users into thinking they are on a Bank of America site for example and acting as a proxy to the real destination server. Because the “middle” attack server has authenticated the user the attacker can view your encrypted text as clear text. I got it!
There is allot of attention shown to the naive web user not the websites being spoofed. Bottom line, if you reach a website that has a certificate error or warning, you should not enter anything private. SSL or not you can be victim.
And why does Apple have to change to SSL when they may still be susceptible to “man-in-the-middle” attacks anyway? Don’t answer that. What’s the point? Don’t answer that either.
I admire your depth Lawrence, but I’m not sure the solution is forcing all to use SSL for everything either way (but that’s not your point, I know. You stated “Use SSL and use it properly, dammit!”). Banks sure, I want exploding computers and homing missiles protecting my account. But emails, you are wasting your time spoofing anything of mine not financial related. Good job Firefox for not accepting self-signed certificates.
Encryption
The sad thing is that most all of this encryption is virtually useless as the encryption protocols are out there for everyone who wants to know and use. Granted most of the “hackers” or “bad people ” out there are not smart enough to use them.
Hey i am just commenting on your web site i am at school but it is Club house it is so much fun
I think server side encryption is definitely necessary when sensitive information is being handled. Some people mistakenly think the presence of encryption software denotes a suspicious website, but in most cases the opposite is actually the case