[Cryptography] Kali Linux security is a joke!

Michael Kjörling michael at kjorling.se
Mon Mar 23 13:49:46 EDT 2015 

On 23 Mar 2015 08:32 +0100, from pibara at gmail.com (Rob Meijer):
> ​I couldn't agree more. Here is a bit of a rant I wrote a few months back
> in response to some
> of the undue praise that the 'HTTPS Everywhere' idea was getting:
> 
>> https://minorfs.wordpress.com/2015/01/07/why-https-everywhere-is-a-horrible-idea-for-now/

It looks to me like that blog post is basically about the CA problem,
and the fact that in the absence of trust in the full set of CAs TLS
protects mainly against passive attacks and a small set of active
attacks.

But in all fairness: exactly what of that is solved by going with HTTP
rather than HTTPS?

In HTTP, all traffic is in the clear, available for anyone to copy or
modify anywhere along the route. You are relying on everyone being
honest and passing along the traffic unmodified.

In HTTPS, a _passive_ attacker will only see the ciphertext of web
pages. They will see, through DNS and SNI, which hosts you are
visiting, and in the case of reasonably small, publicly available
hosts might be able to determine which pages you're looking at. But in
HTTP, they were _certainly_ able to do that, right along with
responding with a HTTP response of their own, and in the case of HTTP,
there was no way for the end user to tell that it has happened at all.

An _active_ attacker capable of injecting DNS responses, tricking the
client or server into downgrading the connection security, or
something similar, can obviously use that ability to take over a HTTPS
session just as well as they could take over a HTTP session. But
suddenly there exists the possibility to introduce another obstacle:
certificate pinning (client- or server-side) or validation against
what is seen by others for the same host. Combine a plugin like HTTPS
Everywhere (with or without the SSL Observatory feature turned on)
with one like Certificate Patrol on the client side, and configure
HSTS on the server side if applicable. Suddenly, without making large
changes on either side, _passive attacks became vastly more
difficult_. By forcing the attacker to become _active_ you increase
the risk and/or cost to the attacker at little inconvenience to the
user. Specifically, it significantly increases the risk that the
attack will be noticed, or increases the cost in terms of resources
for gaining access to the content of the communication.

Now, if an attacker has reason and ability to target you specifically,
they still might. But all of a sudden they are now risking exposure,
and they have to expend (for example computational) resources which,
after all, are limited.

Is that good or bad for security?

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

More information about the cryptography mailing list