|
Security Considerations
SSL 2.0, the first publicly released version, has a number of security flaws, so SSL 3.0 and TLS are the clear choices. Current browsers, including Inter-net Explorer, Firefox and Netscape, allow users to enable support for SSL 2.0, SSL 3.0 and TLS. IE 7.0, now in beta, goes a step further by requiring either SSL 3.0 or TLS.
The primary consideration is picking a strong cipher. Though a number of both public and symmetric ciphers can be used during an SSL/TLS connection, TripleDES and, even better, the Advanced Encryption Standard (AES) are the most secure and strongly recommended. DES as a cipher and MD5 as a hash function for authentication are no longer considered secure.
DES is vulnerable to brute-force attacks because it's limited to a 56-bit key, which can be cracked with a little time and some hefty computing power. It's not secure against well-funded attackers or someone with access to a cluster of computers. TripleDES applies DES three times, with three different keys.
AES, a new block cipher standard, supplants DES. It uses a 128-bit block and supports 128, 192 and 256-bit keys, making it a much more secure alternative. As a variable-length algorithm, as opposed to DES/TripleDES's fixed length, its key size can be increased to meet the challenge of faster computers' applied brute force. AES is typically used in TLS implementations.
As for hashing functions, both MD5 and SHA-1 have come under attack recently--especially MD5, which is all but obsolete. While both are based on the older MD4 protocol, SHA-1 was developed later and avoids some of MD5's vulnerabilities. It's still heavily used even though its security is debated. The National Institute for Standards and Technology is expected to hold a competition, much like the one that established AES, to create stronger cryptographic hash functions.
Among public key ciphers, the venerable RSA still stands as the best choice. The only requirement to ensure security is picking a large enough key,
so any brute-force attack is bound to fail. RSA has been the most closely reviewed public key encryption algorithm and still stands strong. At this point, the chances of finding a flaw appear slim.
SSL and TLS are secure if they are implemented correctly and robust crypto algorithms are used. If the user is checking digital certificates, then a man-in-the-middle attack--spoofing the legitimate server--will be detected and defeated. However, a careless user can still be fooled by failing to check messages indicating that a certificate is suspect.
Versatile Protocol
There are many applications of SSL besides just securing connections to Web servers. SSL/TLS can be used by any application designer to create secure connections to a server. The protocol can be used just as easily on local networks, and theoretically on any type of network connection that is reliable. For example, SSL and TLS are often used on intranets and private networks to protect from insider threats. SSL can also be used as a wrapper for unsecured protocols like SMTP and FTP.
Since SSL and TLS treat all data as binaries, any type of data can be sent securely, such as HTML, Word documents and images.
However, anticipate some extra work on the programming side for internal implementations. Beyond the socket call described earlier to enable
an application to use SSL, there is a whole suite of system/library calls that are used to establish a secure connection to a server. All of this work must be done by the application programmer on both the client and the server.
Above all, SSL makes e-commerce possible. It assures the customer that the Web site is genuine, and that he can do business on the Web with peace of mind.
|
