"Fabro, Loic" <[EMAIL PROTECTED]> writes:
> As far as I know, the latest SSL protocol is MITM-aware. That means that
> the protocol has mechanisms to avoid this issue.
> Before this last version, if I remember correctly (and I MAY be wrong!),
> the MITM attack could have worked if the user didn't own a
> certificate..... Basically, if you connect to an SSL server like 99% of the
> people on the Internet, yes the MITM can occur. But if you want to use a
> really secure system, then you give a certificate to your users so that your
> SSL connection is really secure.
> I would think (I haven't checked!) that most of the browsers support (by
> default) old versions of SSL. That means that the MITM can tell the user
> "sorry, I only work with this (potentially unsecure) version of SSL, can we
> use it?". And then use whatever is needed to connect to the trusted web
> server. That's the same thing with Microsoft and the "encrypted network
> passwords over pptp" where you could tell the server "I don't support
> encrypted password, let's move to clear text password communication".
Sorry, but this is pretty much totally wrong. Pretty much all deployed
SSL versions contained some sort of man-in-the-middle protection. What
newer versions (v3 and TLS) add is the ability to protect against
downgrade attacks. Why is this relevant? If you're using passwords over
an SSL channel AND the attacker can force you to use 40-bit crypto,
then the attacker can potentially brute-force search the session key
and recover the password.

This isn't a MITM attack, however.

-Ekr

[Eric Rescorla                                   [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
               http://www.rtfm.com/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
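
The downgrade protection described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not the SSL wire format) in which a MAC over the handshake transcript, like the one the SSLv3/TLS Finished message carries, exposes a rewritten cipher-suite offer. The suite names, `handshake`, `strip_strong` and the pre-agreed master secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed suite names mapped to key strength in bits (illustrative only).
STRENGTH = {"RC4_40_EXPORT": 40, "RC4_128": 128, "3DES_168": 168}

def server_choose(offered):
    """Server picks the strongest suite among those it was offered."""
    return max(offered, key=STRENGTH.__getitem__)

def finished_mac(master_secret, label, transcript):
    """Simplified Finished value: keyed MAC over all handshake messages seen."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(master_secret, label + digest, hashlib.sha256).digest()

def handshake(client_suites, tamper=None, check_finished=True):
    """Return (negotiated_suite, accepted).

    tamper, if given, rewrites the ClientHello between client and server.
    check_finished=False models negotiation with no transcript check.
    """
    # Assumption: both ends already share a secret the middle party lacks.
    master_secret = os.urandom(32)
    sent_hello = ",".join(client_suites).encode()
    seen_hello = tamper(sent_hello) if tamper else sent_hello
    suite = server_choose(seen_hello.decode().split(","))
    server_hello = suite.encode()
    client_view = [sent_hello, server_hello]   # what the client sent and received
    server_view = [seen_hello, server_hello]   # what the server received and sent
    if not check_finished:
        return suite, True
    client_fin = finished_mac(master_secret, b"client finished", client_view)
    expected = finished_mac(master_secret, b"client finished", server_view)
    # The server accepts only if the client's transcript matches its own.
    return suite, hmac.compare_digest(client_fin, expected)

def strip_strong(hello):
    """Constructed tamper function: leave only the 40-bit suite in the offer."""
    return b"RC4_40_EXPORT"

if __name__ == "__main__":
    suites = ["RC4_40_EXPORT", "RC4_128", "3DES_168"]
    print("untampered:          ", handshake(suites))
    print("tampered, no check:  ", handshake(suites, strip_strong, False))
    print("tampered, with check:", handshake(suites, strip_strong, True))
```

With the transcript check in place the weakened negotiation is rejected before any application data, such as a password, is sent over the 40-bit channel.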
