Hashes: The High Cost of Deployment
Thanks for great intro Adam!.
Steven Bellovin and Eric Rescorla recently released a paper, “Deploying a New Hash Algorithm.” This is a great analysis of both the operational and protocol issues with changing which hash algorithms get used by various security protocols. For instance, S/MIME has no real mechanism for negotiating which hashes (and this certificates) to use and SSL/TLS both have MD5 and SHA-1 hardcoded into the standard.
What this all translates too is a huge operational nightmare. People love to say things like “just use SHA-256”. Unfortunately the protocols just don’t make it that easy. Even more challenging is having to support thousands if not millions of clients that can never ever be compliant. A quick check shows that Wells-Fargo, Bank of America, Washington Mutual, BankOne, CapitalOne, American Express, Fidelity, Schwab and Citi all still allow 40bit SSL connections. Even two of the biggest e-tailors on the planet, eBay and Amazon allow 40 bit connections. Only Chase restricts their logins to 128 bit or higher connections.
This issue is further compounded by the fact that Internet Explorer and Firefox both default to enabling SSLv2 as do IIS and Apache + ModSSL. This all tied together with vulnerabilities like the recent openssl vulnerability, suddenly puts users in a situation where they can be silently sending their personal data over poorly encrypted sessions.
What’s really impressive is that use of less than 128bit SSL or TLS is actually a violation of the CISP/PCI standards as set forth by the credit card companies.
(Via SchneierBlog.)
egotiating – looks like a useful word in another place
I was just reading this blog from the IE folks on the subject of mis-using SSL and specifically web sites poorly designed which include http content in an https page.
see it here: http://blogs.msdn.com/ie/archive/2005/04/20/410240.aspx