Father of SSH Says Security Is 'Getting Worse'
Posted by Unknown Lamer from the living-in-the-pupil-of-1000-eyes dept.
alphadogg writes with an excerpt from an interview with the designer of SSH-1: "Tatu Ylönen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security — whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers — recently spoke with Network World on a variety of security topics, including the disappearance of consumer privacy and the plight of SSL. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)"
Security getting worse (Score:5, Interesting)
Another huge problem is the 'meh' attitude people have towards their personal information. We throw our data around so willy-nilly on smart phones and social networks. We check in places that tell everyone where we are (or are not http://pleaserobme.com/ ), publicly publish our most intimate family and friend relationships, report where we live and work, we even identify people to image recognition software. One expert I heard said that he could not imagine a more dastardly personal information monitoring system than Facebook. And we WILLINGLY give that information away. Google reads your emails and all the documents you upload to their 'free' services. Websites use everything they can to target ads at you, etc.
The unfortunate part, as my CS security professor pointed out, is that by the time it crosses an ethical line - it's nearly impossible to stop. Even worse, what if the company you gave all that info to gets sold to a very unscrupulous person in a country with no protections? What if your government is taken over and they raid these databases for information about dissenters? All of these things are real, happen today, and yet we consider it more important to be able to brag to our friends and family what we had for dinner last night than protect ourselves.
Re:How is this quantifiable in any stretch? (Score:4, Interesting)
I disagree. The amount of compute time rises dramatically each year (Moore's law), it is not good enough to simply 'tread water' and just upping the key length are sufficient. New techniques and systems are constantly being built to attack these methods. While I'm not saying SSH is bad or outdated, I'm saying that cryptanalysis and raw compute have not stopped chipping away at the corners and weak spots. What if at 51200 bit security, we find an awful and damning pattern appears in the math? We still cannot prove that any of these particular methods for cryptography today couldn't be completely broken wide open with a numerical discovery tomorrow (while we are pretty sure it can't).
We mustn't fall into the trap of thinking that what is good enough today is good forever. Having as many irons in the fire being tested and competing is the best way for your protection today and tomorrow.
Re:ssh (Score:5, Interesting)
SSL by itself is secure. However, it would be nice to have it allow to be implemented in a WoT fashion similar to PGP/gpg.
This way, I go to my bank's site. I'm 100% sure that the key is genuine because that is what shows up, and that the bank prints the fingerprint of the key for people to see when visiting a branch. So, I sign the bank's key.
I go to another site. The key for the server is unknown, but I have 2-3 semi-trusted CAs all agree that the key is whom it is supposed to be. The threshold I set allows the SSL transaction.
I go to a third site, one CA says the key is OK, but nobody has zero clue about it. The threshold set will warn the connection is encrypted, but untrusted. Since it is just the listings for when the local vomitorium is open, the risk is acceptable.
The fourth site, a friend signed the key, but completely distrusting it. The Web browser refuses to go to the site, or if allowed to, shows that anything from there is suspect. A link leads to a discussion on this. After several people mention this on another forum, the owners of the site with the bad cert find that their DNS server was compromised as well as the CA they were using.
I wish SSL had this functionality in it. Since it is a superset of having root keys and a CA hierarchy, existing stuff would work. A compromised CA's damage would be greatly limited.
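The threshold policy described in the comment above, sketched as an added example (it is not part of the original comment and is not how SSL or any browser behaves). The signer names, fingerprints, and the choice of two semi-trusted signatures as the threshold are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Verdict(Enum):
    TRUSTED = "trusted"
    WARN = "encrypted but untrusted"
    BLOCK = "suspect, refuse"

FULL, MARGINAL = "full", "marginal"

@dataclass(frozen=True)
class Attestation:
    signer: str
    fingerprint: str        # the exact server key the statement is about
    distrust: bool = False  # True: signer marks this key as bad

def evaluate(fingerprint, attestations, introducers, marginals_needed=2):
    """Classify a server key from statements made by introducers the user trusts.

    marginals_needed=2 is an assumed threshold (the comment says "2-3").
    """
    vouchers, distrusters = set(), set()
    for a in attestations:
        # Ignore statements about other keys and signers the user never rated.
        if a.fingerprint != fingerprint or a.signer not in introducers:
            continue
        (distrusters if a.distrust else vouchers).add(a.signer)
    if distrusters:                      # site four: explicit distrust wins
        return Verdict.BLOCK
    full = sum(1 for s in vouchers if introducers[s] == FULL)
    marginal = len(vouchers) - full
    if full >= 1 or marginal >= marginals_needed:
        return Verdict.TRUSTED           # sites one and two
    return Verdict.WARN                  # site three: below threshold

# Constructed sample data: signer names and fingerprints are placeholders.
INTRODUCERS = {"me": FULL, "ca-a": MARGINAL, "ca-b": MARGINAL, "friend": MARGINAL}
ATTESTATIONS = [
    Attestation("me", "FP-BANK"),
    Attestation("ca-a", "FP-SHOP"), Attestation("ca-b", "FP-SHOP"),
    Attestation("ca-a", "FP-LISTINGS"),
    Attestation("ca-a", "FP-FORUM"), Attestation("friend", "FP-FORUM", distrust=True),
    Attestation("unrated-ca", "FP-LISTINGS"),
]

def demo():
    keys = ["FP-BANK", "FP-SHOP", "FP-LISTINGS", "FP-FORUM", "FP-SUBSTITUTED"]
    return {k: evaluate(k, ATTESTATIONS, INTRODUCERS) for k in keys}

if __name__ == "__main__":
    for key, verdict in demo().items():
        print(f"{key:15} {verdict.value}")
```

Because every statement is bound to a fingerprint, a substituted key for a known site inherits none of the signatures and falls back to the untrusted verdict.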
Re:ssh is the reason for insecurity (Score:5, Interesting)
If IPSEC wasn't one of the worst designed-by-committee-throw-in-the-kitchen-sink monstrosities ever produced, it would be more widely adopted.
Just getting two of my Linux boxes to talk IPSEC to each other took a couple of days, because there are about a bazillion different combinations of parameters and if any of them are wrong it doesn't work and doesn't provide any easy means of figuring out why it doesn't work.
It's also a 'security' protocol which allows you to send unencrypted data, so even if you do use it you can't readily prove that you have a secure connection unless you monitor the traffic.
There's a reason why we use SSL and SSH instead.
Re:ssh (Score:4, Interesting)
But don't forget the flip side of that argument, the BOFHs that make things so much of a PITA either the users are gridlocked and can't get dick done or they actively go out of their way to break the security just so they can work.
I'll never forget an old programmer friend of mine who told me about taking some of the students he was teaching over to check out this big corporate software firm. On and on and on the BOFH giving the tour talked about how incredibly secure his place was, with crazy password rules and just one nasty thing after another until Mike said "You give me 15 minutes in this place and I bet you $100 and a steak dinner I CAN get into your systems".
Well sure enough the BOFH took him up on it and let him loose for 15 minutes while he took over the tour. In 10 he was back with a dozen working username/password combos, including one for one of the higher level guys that would have pretty much given him the keys to the kingdom. When the BOFH demanded he show him how he did it, know what he did? He just went and started flipping keyboards and there were the passwords because nobody could keep up with them thanks to his crazy rules.
So it's always a balancing act between making a secure system and making an unusable one. After all you could make a corp the most secure system in the world by simply cutting the power to the PCs and locking them in a vault but they wouldn't be doing the workers much good then, will they?