[Interest] Qt 5.9 and OpenSSL 1.1?
Thiago Macieira
thiago.macieira at intel.com
Mon Sep 16 21:41:12 CEST 2019
On Monday, 16 September 2019 11:48:20 PDT Giuseppe D'Angelo via Interest
wrote:
> And this again just mentions that earlier SSL versions had security
> vulnerabilities. It does not sustain the claim that there is NO version
> which is secure.
>
> (As Thiago has already reminded, we're way past the point where we do
> get to prove mathematically the correctness and the security of our
> code; instead we rely on expert research, responsible disclosure and
> quick fix of any issue that may have been found.)

The security claim here is relative.

There is no currently known attack against SSL/TLS. That does not imply it's
mathematically proven to be safe. In all likelihood, there will be issues
found. If by that you mean that it's not secure, then yes: it's not secure
because there'll likely be a new vulnerability discovered.

However, until that happens, it's as secure as we can make anything.

I should also point out that so far, none of the successful attacks against
SSL/TLS are attacking the encryption. The attacks usually come via a side-
channel or some other weak component of the structure. Examples are the
Heartbleed, the earlier attack against compression, the renegotiation attack.

More frequently, hacks are attacking social engineering, like weak passwords,
unsecured or improperly-secured systems. It's believed the Stuxnet attack
against Iran's nuclear energy labs was started by dropping USB flash drives in
the parking lot.

And yet, this is the best we've got. What's the alternative? No encryption and
no authentication?

Even the only encryption method mathematically proven to be resistant to
direct attacks (one-time pads) is vulnerable to side-channel attacks. The OTP
leaks and all your data is readable. If the random generator you used to
create it in the first place can be predicted, you've also got a problem (for
example, by inspecting the initial TCP sequence values that your system
sends).

I'll agree with Roland that "use SSL, you're safe" is not a factually correct
statement. A simple debug-mode "ignoreSslErrors()" left in your code kicks the
door wide open to attackers. SSL is a component of your security architecture,
but not the only one.

But I'll also agree with Peppe that SSL/TLS is as secure as we can make it.
Claiming otherwise, claiming that there are attacks that slice through up-to-
date and well-maintained installations like a hot knife through butter,
without offering proof, is beyond disingenuous. It's positively irresponsible.

--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
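
The `ignoreSslErrors()` remark in the message above lends itself to a build-time check. The following is an added example, not part of the original message or of Qt: a Python scan that flags argument-less `ignoreSslErrors()` calls in Qt C++ source and leaves alone the overload that takes an explicit list of expected errors. The sample source, class names and function names are constructed for illustration.

```python
import re

# Constructed sample of Qt C++ source (not from the original message).
SAMPLE = '''\
void Client::fetch(QNetworkReply *reply) {
#ifdef QT_DEBUG
    reply->ignoreSslErrors();              // debug shortcut
#endif
    // reply->ignoreSslErrors();  (commented out, not a finding)
}
void Client::pinned(QNetworkReply *reply, const QList<QSslError> &expected) {
    reply->ignoreSslErrors(expected);      // only the listed errors
}
void Client::onErrors(QNetworkReply *r, const QList<QSslError> &) {
    r->ignoreSslErrors( );
}
'''

# Matches only the argument-less form, which disables every TLS error check.
CALL = re.compile(r'\bignoreSslErrors\s*\(\s*\)')
COMMENT = re.compile(r'//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(src):
    # Blank out comments but keep newlines so line numbers stay correct.
    # Simplification: a "//" inside a string literal is treated as a comment.
    return COMMENT.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def find_blanket_ignores(src):
    """Return (line_number, inside_preprocessor_conditional) per finding."""
    findings, depth = [], 0
    for n, line in enumerate(strip_comments(src).splitlines(), 1):
        s = line.strip()
        if re.match(r'#\s*if', s):          # #if, #ifdef, #ifndef
            depth += 1
        elif re.match(r'#\s*endif', s):
            depth = max(0, depth - 1)
        elif CALL.search(line):
            findings.append((n, depth > 0))
    return findings

if __name__ == '__main__':
    for lineno, guarded in find_blanket_ignores(SAMPLE):
        note = 'inside #if block' if guarded else 'unconditional'
        print(f'line {lineno}: blanket ignoreSslErrors() ({note})')
```

Findings inside a preprocessor conditional are still reported, since whether that branch is compiled depends on the build configuration that ships.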