Cryptography pioneer: We need good code

In Black Hat keynote, Whitfield Diffie formulates three rules for making applications secure in the age of the Internet.

Cryptographer Whitfield Diffie reckons one of the most important things for good cryptography and security in the age of the Internet is good code. Unfortunately, really good code is generally too expensive to write.

First, “We need to learn good programming”, he said. The second challenge is fixing human interfaces, so every Internet user can understand what is happening. And third, liability issues should be fixed. “That isn’t easy”, he said, because fixing liability issues should go hand in hand with the technologies that system producers need.

Infoworld

We are so fortunate that Civil Engineers don’t build bridges with the same level of acceptable engineering typically used in software development.

About zaph

Long term Mac/iOS & Cocoa developer.

7 Responses to Cryptography pioneer: We need good code

  1. That eventually led Diffie to three challenges that need to be met: First, “We need to learn good programming”, he said. The second challenge is fixing human interfaces, so every Internet user can understand what is happening. And third, liability issues should be fixed. “That isn’t easy”, he said, because fixing liability issues should go hand in hand with the technologies that system producers need.

    • Maria says:

      Russ, your comment, “The core problem with being only focused on “the real world” is that you only have incentives to solve the immediate problems at hand, and only to an acceptable level. There is no incentive, time, or resources to deal with the general case, and especially the values and needs of all stakeholders, not just the people paying your salary.” really is at the core of the problem, which is IMHO, fundamentally a research problem which will require interdisciplinary teams of scientists. There is so much evidence that people, in their personal or professional endeavors, simply don’t see the incentive to pay for security. This is the reason why “metrics” and “RoI on security” etc. has (is?) dominated the research funding/attention for so long. As we continue to debate on how to govern cyberspace the research presented at WEIS is increasingly pertinent, and is the only source of its kind. Glad to have seen you there!

  2. That eventually led Diffie to three challenges that need to be met: First, “We need to learn good programming”, he said. The second challenge is fixing human interfaces, so every Internet user can understand what is happening. And third, liability issues should be fixed. “That isn’t easy”, he said, because fixing liability issues should go hand in hand with the technologies that system producers need.

    • Matti says:

      they can break DH. Sure, but you need the private key used in that exchange from at least one of the parties (say, A). If you have that key you can just use it as exponent for the public value of the other party (B). Just like A would do it. This private key you need differs for DH and EDH. For DH, your secret is the private key of the certificate that you use. The peer will decrypt this with the public key of your certificate. You’re authenticated at this very moment, different certificates with different public keys won’t work, DH would produce different keys for the two parties. For EDH, your secret is a random value that you only need as long as the handshake takes. The key-pair of your certificate is only used for authentication, e.g. you can in addition sign your public value. After an (E)DH key agreement, there are always exactly two parties possessing the resulting key. You need authentication to make sure they are the right two parties and not A-Attacker and Attacker-B. Simple DH is probably pretty old. It took a moment for me to realise that it’s the stupid variant of what I learned in my studies during the last few years. Now, did I earn one of your many books? *g*

  3. Whitfield Diffie, in the opening keynote of the recent Black Hat Europe conference, says a good plan to secure software is needed in the age of the Internet. Diffie, one of the pioneers of public-key cryptography, notes that developers should know exactly what the purpose of an application will be. He says programmers need to write good code, but believes the state of the current programming languages is an obstacle. Diffie also says more money should be spent on writing good code in order to secure applications. The rate of Internet technology development also is a hurdle, considering people often download software without thinking about security issues. Although browser sandboxes are created to confine code, Diffie says this way of working is not adequate for a lot of applications. He cites three challenges that need to be met, and the first is to learn good programming. The second challenge is to fix human interfaces so every Internet user can understand what is happening. The third challenge is to address liability issues. Diffie admits the third challenge is difficult, because correcting liability issues should go hand in hand with the technologies that system producers require.

    • Ade says:

      lonervamp, There is more. The failure to decrypt is not just with Diffie Hellman Ephemeral. The decryption method used by Wireshark, ssldump, unsniff will not work for exportable RSA keys either (i.e. less than 1024 bit). This is because a temporary RSA key exchange takes place to negotiate an exportable cipher. This is just like DHE, but for weaker encryption and uses RSA. This may sound weird, but the so called weak export ciphers are actually immune to decryption using tools like Wireshark / ssldump / unsniff etc. However unlike DHE, RSA “ephemeral” for export is vulnerable to brute force. This means agencies like NSA in the United States can simply brute force keys like DES56, irrespective of the key exchange strength! A hobby attacker, or someone who has stolen server keys, can certainly not brute force an export cipher like DES56 very easily.

  4. Lucas says:

    SSL decryption in Wireshark or SSLdump requires you to own the private keys used to decrypt the connection. In an EDH, no such keys exist. It’s a straight DH exchange, with randomly generated keys. In a straight DH exchange, this would be vulnerable to MITM attacks (the snoop would simply complete DH exchanges with both sides of the connection, deriving two different keys, and translate between the two). EDH uses the cert keypairs to guarantee that the DH exchange happened without an MITM tampering. EDH has “perfect forward secrecy” because no stationary set of keys is used to protect all the sessions. If you compromise the server key, all you get is the ability to sign DH parameters in a future session.
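
The difference between static DH and ephemeral DH (EDH) discussed in the comments above, as an added example that is not part of the original post or its comments: a holder of the server's long-term key can rebuild the session key from a capture in the static case, but not in the ephemeral one. The group parameters and all function names are assumptions chosen for illustration, and the signature over the ephemeral value is omitted.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): real deployments use a
# standardized group of 2048 bits or more, or an elliptic curve.
P = 2**127 - 1  # a Mersenne prime
G = 3


def keypair():
    """Return a random (private, public) DH pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(own_priv, peer_pub):
    """Hash the DH shared secret into a session key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()


def static_dh_session(server_longterm_priv):
    """Static DH: the server's long-term key is also its DH exponent."""
    client_priv, client_pub = keypair()
    server_pub = pow(G, server_longterm_priv, P)
    key = session_key(client_priv, server_pub)
    # The transcript is what a passive capture would contain.
    return {"client_pub": client_pub, "server_pub": server_pub}, key


def ephemeral_dh_session():
    """EDH: a fresh server exponent per handshake, discarded afterwards.

    The long-term key would only sign server_pub (omitted here), so it
    plays no part in deriving the session key.
    """
    client_priv, client_pub = keypair()
    server_eph_priv, server_pub = keypair()
    key = session_key(client_priv, server_pub)
    del server_eph_priv  # never stored, never sent
    return {"client_pub": client_pub, "server_pub": server_pub}, key


def rebuild_key_from_capture(transcript, longterm_priv):
    """What a capture-decryption tool holding the long-term key computes."""
    return session_key(longterm_priv, transcript["client_pub"])
```

With static DH, `rebuild_key_from_capture` returns the real session key for every recorded session; with EDH it returns an unrelated value, which is the forward-secrecy property the comments describe.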
