On Monday, 16 September 2019 11:48:20 PDT Giuseppe D'Angelo via Interest wrote:
> And this again just mentions that earlier SSL versions had security
> vulnerabilities. It does not sustain the claim that there is NO version
> which is secure.
>
> (As Thiago has already reminded, we're way past the point where we do
> get to prove mathematically the correctness and the security of our
> code; instead we rely on expert research, responsible disclosure and
> quick fix of any issue that may have been found.)

The security claim here is relative. There is no currently known attack against SSL/TLS. That does not imply it's mathematically proven to be safe. In all likelihood, there will be issues found. If by that you mean that it's not secure, then yes: it's not secure because there'll likely be a new vulnerability discovered. However, until that happens, it's as secure as we can make anything.

I should also point out that so far, none of the successful attacks against SSL/TLS are attacking the encryption. The attacks usually come via a side-channel or some other weak component of the structure. Examples are the Heartbleed, the earlier attack against compression, the renegotiation attack.

More frequently, hacks are attacking social engineering, like weak passwords, unsecured or improperly-secured systems. It's believed the Stuxnet attack against Iran's nuclear energy labs was started by dropping USB flash drives in the parking lot.

And yet, this is the best we've got. What's the alternative? No encryption and no authentication? Even the only encryption method mathematically proven to be resistant to direct attacks (one-time pads) is vulnerable to side-channel attacks. The OTP leaks and all your data is readable. If the random generator you used to create it in the first place can be predicted, you've also got a problem (for example, by inspecting the initial TCP sequence values that your system sends).

I'll agree with Roland that "use SSL, you're safe" is not a factually correct statement. A simple debug-mode "ignoreSslErrors()" left in your code kicks the door wide open to attackers. SSL is a component of your security architecture, but not the only one.

But I'll also agree with Peppe that SSL/TLS is as secure as we can make it. Claiming otherwise, claiming that there are attacks that slice through up-to-date and well-maintained installations like a hot knife through butter, without offering proof, is beyond disingenuous. It's positively irresponsible.

--
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
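
The message above notes that a debug-mode "ignoreSslErrors()" left in the code undoes what TLS provides. The following is an added example, not part of the original post and not Qt project code: a small source check that reports blanket ignoreSslErrors() calls in Qt C++ files and says whether each sits inside a debug-only preprocessor guard. Treating QT_DEBUG, QT_NO_DEBUG and NDEBUG as the debug markers is an assumption, and the C++ sample with its class and member names is constructed.

```python
import re

# Blanket form: an empty argument list disables every certificate check.
# The overload that takes a list of expected errors is scoped, so not flagged.
CALL = re.compile(r"\bignoreSslErrors\s*\(\s*\)")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
DEBUG_OPEN = re.compile(r"\s*#\s*(ifdef\s+QT_DEBUG|ifndef\s+(QT_NO_DEBUG|NDEBUG))\b")
COND_OPEN = re.compile(r"\s*#\s*if(def|ndef)?\b")
COND_ELSE = re.compile(r"\s*#\s*(else|elif)\b")
COND_CLOSE = re.compile(r"\s*#\s*endif\b")


def scan(source):
    """Return (line, scope) for each blanket ignoreSslErrors() call."""
    # Blank out comments but keep newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), source)
    findings, guards = [], []  # guards: one bool per open #if, True = debug guard
    for lineno, line in enumerate(code.splitlines(), 1):
        if COND_OPEN.match(line):
            guards.append(bool(DEBUG_OPEN.match(line)))
        elif COND_ELSE.match(line) and guards:
            guards[-1] = False  # the #else of a debug guard is release code
        elif COND_CLOSE.match(line) and guards:
            guards.pop()
        for _ in CALL.finditer(line):
            findings.append((lineno, "debug-only" if any(guards) else "all-builds"))
    return findings


# Constructed sample, not taken from any real project.
SAMPLE = '''\
void Client::onSslErrors(QNetworkReply *reply, const QList<QSslError> &errors)
{
#ifdef QT_DEBUG
    reply->ignoreSslErrors();          // test server, self-signed
#endif
    // reply->ignoreSslErrors();
    reply->ignoreSslErrors(m_expectedErrors);
}

void Client::retry(QNetworkReply *reply)
{
    reply->ignoreSslErrors();
}
'''

if __name__ == "__main__":
    for lineno, scope in scan(SAMPLE):
        print(f"line {lineno}: blanket ignoreSslErrors() ({scope})")
```

A "debug-only" finding still deserves review, since it depends on release builds never being compiled with the debug macro set; the check does not parse string literals or follow signal/slot connections.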