OpenSSL Heartbleed Highlights Crypto Pitfalls

  • 23 April 2014

Cryptosystems are the foundation of the security for much of the Internet. Protocols such as SSL/TLS help secure communications between users and banks, e-commerce sites and other services that rely on confidentiality. The crypto code in those systems is, like all code, fragile and subject to all kinds of outside influences.
 
That advice hasn’t changed. If anything, it’s become even more important.
“Never invent your own primitives or protocols. Cryptographic protocols are fiendishly difficult to get right; even pros often get them wrong. Encryption algorithms are even harder to design. It’s certainly true that there have been very few known attacks on bad crypto by hackers not working for a major government. But ‘few’ is not the same as ‘none’—think of WEP—and many commercial sites have been targeted by governments,” Steve Bellovin, professor of computer science at Columbia University, wrote in a post on the topic.
 
The second point there is a key one. Crypto is implemented all over the place, and in a lot of places you might not expect. One of the things the Heartbleed fiasco has shown is that OpenSSL and its many cousins in the crypto world have spread far and wide on the Internet, which is a good thing. But it also means that the attack surface is potentially huge when a major bug such as Heartbleed emerges. Vulnerable implementations could be virtually anywhere, and researchers have shown that to be true in the last few weeks.
The other part of the issue is that crypto attacks have continued to advance over the years, with new variants and innovative techniques emerging regularly. And with crypto code running in more and more places, the opportunities to make mistakes are increasing by the day.
 
“Crypto code, though, is special; there are precautions that need to be taken that are irrelevant anywhere else. Consider things like timing attacks: if you’re using RSA but haven’t implemented it with all due paranoia, an attacker can recover your private key just by seeing how long it takes you to respond to certain messages. There are cache timing attacks: if the attacker can run programs on the same computer as your crypto code (and this isn’t a preposterous notion in a world of cloud computing), it’s possible to figure out an AES key by watching what cache lines are busy during an encryption or decryption operation,” Bellovin said.
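The RSA timing leak Bellovin describes above, shown at the algorithm level as an added example (this code is not from the article or from Bellovin's post). Both functions compute base**exp mod n and also return how many modular multiplications they performed, so the secret-dependent work of a textbook exponentiation is visible as a number next to the constant-work Montgomery ladder; the modulus 3233 and the exponents are constructed toy values.

```python
# Added example (not from the article or Bellovin's post): why a textbook
# RSA exponentiation leaks timing, beside the constant-work alternative.
# Each function returns (result, number of modular multiplications done).

def square_and_multiply(base: int, exp: int, n: int) -> tuple[int, int]:
    """Textbook left-to-right exponentiation. The extra multiply runs only
    for 1-bits, so the work (and the time) depends on the secret exponent."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % n
        ops += 1
        if bit == "1":                      # secret-dependent branch
            result = (result * base) % n
            ops += 1
    return result, ops

def _cswap(a: int, b: int, flag: int) -> tuple[int, int]:
    """Swap a and b when flag == 1, without branching on flag."""
    diff = (a ^ b) & -flag                  # -1 is all ones for Python ints
    return a ^ diff, b ^ diff

def montgomery_ladder(base: int, exp: int, n: int) -> tuple[int, int]:
    """Montgomery ladder: exactly two multiplications per exponent bit and
    no branch on the bit, so the operation count is key-independent.
    (Python big-int arithmetic itself is not constant-time; a production
    implementation also needs constant-time multiplication and reduction.)"""
    r0, r1, ops = 1, base % n, 0
    for bit in bin(exp)[2:]:
        b = int(bit)
        r0, r1 = _cswap(r0, r1, b)
        r1 = (r0 * r1) % n
        r0 = (r0 * r0) % n
        r0, r1 = _cswap(r0, r1, b)
        ops += 2
    return r0, ops

def compare(exp: int, n: int = 3233, base: int = 42) -> dict:
    """Constructed toy parameters (n = 61 * 53). Returns the multiplication
    counts of both methods for one exponent, after checking both are correct."""
    expected = pow(base, exp, n)
    naive_val, naive_ops = square_and_multiply(base, exp, n)
    ladder_val, ladder_ops = montgomery_ladder(base, exp, n)
    assert naive_val == expected and ladder_val == expected
    return {"naive": naive_ops, "ladder": ladder_ops}

if __name__ == "__main__":
    # Same bit length, different Hamming weight: naive count changes, ladder does not.
    print(compare(0b1000000), compare(0b1111111))
```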
 