Illusion of Security


News that SSL encryption can be broken in 10 minutes seems quite big to me.

The fun fact everyone would talk about is that 128-bit SSL encryption would take longer than the age of the universe to crack. 10 minutes seems like quite an improvement. The article is a little vague (or perhaps some of the TLS talk is above my head), but as far as I can tell, an infected browser could compromise any secure browser session to an HTTPS-secured site that went longer than 10 minutes on a network that had an internet sniffer. This would include all online banking websites, online email websites, etc.

I’m surprised that it’s not getting a lot more attention online. I guess people are tired of doomsday internet security stories. It used to be that information on the internet was given attention based on a meritocracy. Now, it’s more like television in that the information that drives more advertising revenue will spread like wildfire.

I guess online security is partially an illusion anyway.  Even if HTTPS and SSL were perfectly safe, a rogue database administrator at your bank likely would have full access to all your account data.  The analogy is that you can keep your credit card number completely secure, but who knows what the waiter does with that credit card when they take it to the back to process the charge.

