Researchers crack SSL encryption
Two security researchers have found a way of breaking the SSL/TLS encryption that allows the information that passes from browser/user to server and back be reliable and, above all, private.
Thai Duong and Juliano Rizzo are scheduled to demonstrate their BEAST (Browser Exploit Against SSL/TLS) at the Ekoparty security conference of Friday, but information about it was released previously and has created quite a stir in the security community, still rattled by the recent demonstration of fallibility of the CA trust system.
The revelation that the last two versions (1.1 and 1.2) of the TLS cryptographic protocol are safe from such an attack gives almost no satisfaction, as the overwhelming majority of websites protected by it support version 1.0.
BEAST consists of JavaScript code that gets inserted in the user’s browser and works with a network sniffer to decrypt the cookies that carry the information – username and password – that allows users to access their accounts.
“BEAST is different than most published attacks against HTTPS,” Duong shared with The Register. “While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”
He also claimed that with recently made improvements, it is able to decrypt a typical 1,000 to 2,000 characters long cookie in under ten minutes. Also, that other applications that use the vulnerable TLS version – such as instant messaging and VPN programs – could be attacked with BEAST.
And if you’re wondering why a wide implementation of the newest versions of TLS has never happened even though they were released five and three years ago (respectively), the answer lays in the fact that updating it often means that other widely used technologies and popular applications won’t work as they should.
This was corroborated by Duong, who say that they have been working with browser and SSL vendors since early May, but that every single proposed fix is incompatible with some existing SSL applications.
“What prevents people is that there are too many websites and browsers out there that support only SSL 3.0 and TLS 1.0. If somebody switches his websites completely over to 1.1 or 1.2, he loses a significant part of his customers and vice versa,” he said.