No, Websites Shouldn't Roll Their Own Encryption

from the just-use-ssl dept

Mon, Aug 25th 2008 5:17pm — Timothy Lee

Ben Adida calls out Apple for the poor security of its MobileMe web applications and AppleInsider for its misguided defense of Apple's design. Most users know that a special "lock" icon in the corner of their browser is a signal that the contents of the current website is encrypted in transit, protecting it from third-party eavesdropping. Evidently, users of MobileMe have been alarmed that MobileMe applications don't take advantage of this feature, even when sensitive information is being transmitted. Appleinsider says this is no big deal because Apple uses "authenticated handling of JSON data exchanges" to ensure security, and as a result SSL is unnecessary. Moreover, "if Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats."

As Adida points out, this is way off base. A malicious individual may discover a security hole in the unencrypted part of the site that Apple's engineers didn't think of. Encrypting the entire session, rather than just the parts that Apple thinks are security-sensitive, provides an important extra layer of protection. There's also a more fundamental problem with AppleInsider's argument: without SSL, the user has no real assurances that he's talking to Apple, rather than a third party executing a man-in-the-middle attack (perhaps using a poisoned DNS cache). SSL requires servers to present a certificate signed by a recognized certificate authority in order to prove that it's the website it claims to be. That makes it difficult for a third party to masquerade as a legitimate SSL-encrypted website.

The scheme works because the authentication algorithm is baked into the browser and can't be changed by the website being visited. In contrast, if the authentication is performed by JavaScript code that was supplied by the server you're trying to authenticate, the "authentication" process is completely useless. A man-in-the-middle attacker can simply substitute his own bogus authentication script for the real one, and no one will notice the difference. So even if you have complete faith in Apple's ability to write secure authentication algorithms, you can't trust a non-SSL website purporting to be from Apple because there's no way to be sure it's actually an Apple server.

Training ordinary users to follow good security practices is notoriously difficult. Widespread user understanding and acceptance of the "lock" icon in their browsers is arguably the most significant improvement in web security since the web was created. It's extremely counterproductive to undermine use confidence in SSL by telling users to put their faith in Apple's magical homebrew crypto algorithms instead.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, roll your own, ssl
Companies: apple

27 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Michael Janke (profile), 25 Aug 2008 @ 6:08pm

JSON - Security
They've apparently decided that session encryption is unnecessary.

From JSON.org:

"Any time you are transmitting confidential information or requests for confidential information, use SSL. It provides link encryption so that your secrets are not revealed in transit."

So the service is vulnerable to session hijacking. Unfortunately so are many other similar services.
[ link to this | view in chronology ]
Lawrence D'Oliveiro, 25 Aug 2008 @ 6:24pm

Use SSL and use it properly, dammit!
The ones saying you don't need SSL are just as clueless as those attacking Firefox for refusing to accept self-signed SSL certificates. Encryption not used properly is worthless, people!
[ link to this | view in chronology ]
- Jesse McNelis, 25 Aug 2008 @ 8:17pm
  
  Re: Use SSL and use it properly, dammit!
  "Encryption not used properly is worthless, people!"
  
  Encryption not used properly is worse than worthless, it's actually dangerous because it gets people the impression that their data is actually safe.
  
  I'm surprised that a big company like apple is doing something stupid like this.
  [ link to this | view in chronology ]
  - chris (profile), 26 Aug 2008 @ 6:39am
    
    Re: Re: Use SSL and use it properly, dammit!
    I'm surprised that a big company like apple is doing something stupid like this.
    
    the germans in WWII thought their encryption was perfect too. i wonder if that is a side effect of reality distortion fields.
    [ link to this | view in chronology ]
Coyote, 25 Aug 2008 @ 6:52pm

Peter Gutmann once said:
"Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment."
[ link to this | view in chronology ]
- Cixelsid, 26 Aug 2008 @ 3:37am
  
  Re: Peter Gutmann once said:
  "some sort of penis-shaped sound wave" eh?
  
  Sounds like Peter Gutmann should come out of the closet.
  [ link to this | view in chronology ]
- Killer_Tofu (profile), 26 Aug 2008 @ 5:49am
  
  Re: Peter Gutmann once said:
  Re #3 .. Awww that is pretty darn funny. My coworker had to ask me what is so funny.
  [ link to this | view in chronology ]
- Jon, 26 Aug 2008 @ 9:12am
  
  Re: Peter Gutmann once said:
  Speaking of replacing.. err.. enhancing SSL/SSH, I just posted about Perspectives on my blog. There is also a link to the article on Ars where I came across it.
  
  http://www.nnbfn.net/2008/08/26/additional-protection-from-man-in-the-middle-attacks/
  
  http ://arstechnica.com/news.ars/post/20080826-network-notary-system-thwarts-man-in-the-middle-attacks.ht ml
  [ link to this | view in chronology ]
Mike, 25 Aug 2008 @ 8:12pm

this is only a concerno over WiFi
There is inherent encryption in the cellular network, and throught he shear amount of connections it is virtually impossible to hack a cellular data connection. I realize that SSL would be more secure, but how much is too much. There are MANY other less secure ways we give out our credentials. think of prison imates taking creditcard orders over the phone. Social hacking and the like are still the wosrt threat to personal information security.
[ link to this | view in chronology ]
- Anonymous Coward, 26 Aug 2008 @ 5:23am
  
  Re: this is only a concerno over WiFi
  I'm not sure what you mean by this. If you're looking at websites on your phone, that data's hitting the Internet at some point and any encryption inherent on the cellular network becomes inconsequential. If there's a man-in-the-middle attack leveraging a poisoned DNS, you're going to be giving that data to someone who isn't who you think they are. And as most such attacks are not done manually, the fact that there are a large amount of connections isn't a problem (so long as the hacker's attack scales well).
  [ link to this | view in chronology ]
- Jon, 26 Aug 2008 @ 9:13am
  
  Re: this is only a concerno over WiFi
  And everyone always forgets about the insider... Who cares about encryption if you are on the inside of the encrypted network.
  [ link to this | view in chronology ]
inc, 25 Aug 2008 @ 8:54pm

Tim, I couldn't agree with you more. One just needs to run tcpdump with the -s0 -A switch to see what kind of data is available in plain text to understand how important SSL is. Sniff your own network and see what kind of data you are leaking out. It may surprise you.
[ link to this | view in chronology ]
orb, 25 Aug 2008 @ 10:54pm

It's the blind faith that appleinsider affords apple that is really scarry. A lot of sites are guilty of this sort of pandering, and it's not just apple fanboys either. When I see companies abuse the privacy of it's cutomers then I expect those with an audience to hold there feet to the fire. Always remain skeptical, a good philosophy to live your life to. ESL
[ link to this | view in chronology ]
Chris Brenton, 26 Aug 2008 @ 12:22am

Couple of points
The little lock icon on the browser does not actually mandate encryption. It only specifies that HTTPS (HTTP over SSL) is being used as a transport. SSL V2, V3 & TLS all include two supported negotiations which provide authentication without encryption. The only way to be sure your sessions are always encrypted is to check your browser settings to ensure authentication only is disabled as a possible negotiation.
As pointed out above, the flaw in Apple's system is that it provides encryption without any initial authentication. It relies on DNS being secure which history shows is *not* a proper assumption. Most of the industry figured out seven years ago that proprietary solutions are typically flawed. Apple needs to get with the times.
[ link to this | view in chronology ]
John Doe, 26 Aug 2008 @ 1:28am

Shame on Apple, another reason to switch to Blackberry Thunderbird ....
[ link to this | view in chronology ]
- kaelyn, 20 Jan 2009 @ 4:24pm
  
  Re:
  What are u saying i do not understand what u are saying can u please say it better ?
  [ link to this | view in chronology ]
Nicholas Iler, 26 Aug 2008 @ 10:34am

Encryption is all you need - There are different ways to implement.
SSL is not the only way to encrypt data, although, it does appear to be the only way for the user to be fully assured that their data is secured due to the presence of the lock icons and green search bars.
I can understand the developers point of view. In some cases technology won't work as intended when you add layers that bottle neck its performance. JSON objects are just data strings and keys, if you encrypt these objects it should show up as the same garbled text as it would on SSL if someone where to sniff it out. Also, why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting. Performance is very important to Americans, we wait for nothing.
Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.

[ link to this | view in chronology ]
- Anonymous Coward, 26 Aug 2008 @ 11:24am
  
  Re: Encryption is all you need - There are different ways to implement.
  "...this topic is off."
  
  Go stuff yourself.
  [ link to this | view in chronology ]
- Anonymous Coward, 26 Aug 2008 @ 12:35pm
  
  Re: Encryption is all you need - There are different ways to implement.
  "why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting."
  
  I tend to agree, it just seem like bad practice. Personally I have big problems with what Apple is doing here, the only real issue I can see is it does make the ability to spoof it easier.
  [ link to this | view in chronology ]
  - Lawrence D'Oliveiro, 28 Aug 2008 @ 7:06pm
    
    Re: Encryption is NOT all you need
    
    "why constantly encrypt all data on the page when maybe only 5% of the data needs encrypting."
    
    It's not just about confidentiality (ensuring nobody else can snoop the data), it's also about authentication (being sure the data comes from who you think it does). SSL/TLS does both. It's common-or-garden, off-the-shelf technology. Implemented properly, it works. Use it! Don't try reinventing your own inferior substitute!
    [ link to this | view in chronology ]
- Anonymous Coward, 26 Aug 2008 @ 6:17pm
  
  Re: Encryption is all you need - There are different ways to implement.
  Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.
  If you're asking the public to trust your home-brew encryption then I think it is incumbent on you to show that it is trustworthy, not the other way around.
  [ link to this | view in chronology ]
  - Nicholas Iler, 27 Aug 2008 @ 10:07am
    
    Re: Re: Encryption is all you need - There are different ways to implement.
    Its quite difficult to screw up PHP's built-in encryption for example | PHP Encrypt Function | Most programming languages have Cryptography functions for this purpose. The same type used to encrypt SSL connections. You won't know when it's being used unless a developer tells you it is none-the-less it is still effective in preventing snoopers, although, very ineffective in proving it to the web user.
    [ link to this | view in chronology ]
- Lawrence D'Oliveiro, 28 Aug 2008 @ 7:02pm
  
  Re: Encryption is NOT all you need
  Nicholas Iler spouted the following bullshit:
  
  Unless someone can prove other forms of encryption not SSL specifically are worthless and text is readable to sniffers, this topic is off.
  
  Unless and until you go away and read up a bit about "man-in-the-middle" attacks, you have no idea what you're talking about.
  [ link to this | view in chronology ]
  - Nicholas Iler, 31 Aug 2008 @ 12:59am
    
    Re: Re: Encryption is NOT all you need
    Attack servers setup to fool users into thinking they are on a Bank of America site for example and acting as a proxy to the real destination server. Because the "middle" attack server has authenticated the user the attacker can view your encrypted text as clear text. I got it!
    There is allot of attention shown to the naive web user not the websites being spoofed. Bottom line, if you reach a website that has a certificate error or warning, you should not enter anything private. SSL or not you can be victim.
    And why does Apple have to change to SSL when they may still be susceptible to "man-in-the-middle" attacks anyway? Don't answer that. What's the point? Don't answer that either.
    I admire your depth Lawrence, but I'm not sure the solution is forcing all to use SSL for everything either way (but that's not your point, I know. You stated "Use SSL and use it properly, dammit!"). Banks sure, I want exploding computers and homing missiles protecting my account. But emails, you are wasting your time spoofing anything of mine not financial related. Good job Firefox for not accepting self-signed certificates.
    [ link to this | view in chronology ]
Kevin, 27 Aug 2008 @ 6:45pm

Re: Encryption
The sad thing is that most all of this encryption is virtually useless as the encryption protocols are out there for everyone who wants to know and use. Granted most of the "hackers" or "bad people " out there are not smart enough to use them.
[ link to this | view in chronology ]
Kaelyn, 13 Jan 2009 @ 4:33pm

Hey i am just commenting on your web site i am at school but it is Club house it is so much fun
[ link to this | view in chronology ]
Marius, 22 Feb 2010 @ 12:35pm

I think server side encryption is definitely necessary when sensitive information is being handled. Some people mistakenly think the presence of encryption software denotes a suspicious website, but in most cases the opposite is actually the case
[ link to this | view in chronology ]