EFPL report warns of SSL security flaw

February 15, 2012 // 10:57 a.m.

Tags: #diffie-hellman #eff #efpl #electronic-frontier-found #electronic-frontier-foundation #elgamel #https #privacy #rsa #security #ssl #tls

A team of researchers at the École Polytechnique Fédérale de Lausanne (EPFL) has released a report which claims to have found tens of thousands of SSL certificates which provide effectively no security at all, thanks to inadequate random number generation algorithms.

According to the Electronic Frontier Foundation's analysis of the report, which used data from the EFF's SSL Observatory project, it's a serious problem. 'In all cases, a weak key would allow an eavesdropper on the network to learn confidential information, such as passwords or the content of messages, exchanged with a vulnerable server,' the EFF's Dan Auerbach and Peter Eckersley warn.

'Secondly, unless servers were configured to use perfect forward secrecy, sophisticated attackers could extract passwords and data from stored copies of previous encrypted sessions. Thirdly, attackers could use man-in-the-middle or server impersonation attacks to inject malicious data into encrypted sessions.'

The report, entitled Ron [Rivest] was wrong, Whit [Diffie] is right and authored by a team from the EPFL led by Arjen Lenstra, claims that around two out of every one thousand RSA public keys collected during the research 'offer no security.'

While a 99.8 per cent security rating may seem impressive, the RSA public key cryptography system is incredibly widespread. Developed in the 70s by Ron Rivest, Adi Shamir and Leonard Adleman - the R, S and A of RSA - it underpins the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) used by almost every secure website in the world. It's used by banks, online shops, digital distribution services and even voice-over-IP (VoIP) systems to protect credit card details, passwords and other personal data.

As a result, 99.8 per cent isn't good enough, the team argues. 'Our conclusion is that the validity of the assumption [that different random choices are made each time keys are generated] is questionable and that generating keys in the real world for "multiple-secrets" cryptosystems such as RSA is significantly riskier than for "single-secret" ones such as ElGamal or (EC)DSA which are based on Diffie-Hellman.'

The EFF claims that the conclusion is both valid and concerning. 'Given the seriousness of these problems, EFF will be working around the clock with the EPFL group to warn the operators of servers that are affected by this vulnerability, and encourage them to switch to new keys as soon as possible,' the group claimed.

'We are very alarmed by this development. In addition to notifying website operators, Certificate Authorities, and browser vendors, we also hope that the full set of RNG bugs that are causing these problems can be quickly found and patched. Ensuring a secure and robust public key infrastructure is vital to the security and privacy of individuals and organisations everywhere.'

The team's full report can be downloaded in PDF format for review.

QUICK COMMENT

View this in the forums

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU