Quote from: Golden Applesauce on November 17, 2013, 05:18:02 AMQuote from: Remington on November 17, 2013, 03:20:36 AM
With recent NSA/Snowden leaks about the NSA potentially compromising Internet encryption standards, is SSL/TLS still considered to be safe/not backdoored? If there are backdoors, how likely would it be that they would be in the implementing application vs in the SSL/TLS standard itself?
Basically, is SSL still theoretically secure against an organization like the NSA?
The NSA had to work very hard to get data that was protected by SSL/TLS. They siphoned a ton of user contacts information from Yahoo! by tapping cables. They got much, much less of that same type of data from GMail, because GMail has users use SSL by default. They actually man in the middled a Google datacenter to bypass their SSL.
You might have seen this slide:
It was easier for them to sabotage the servers that Google was using to encrypt things than it was to break the encryption.
The weak point in a communication secured with SSL/TLS is everything except the SSL/TLS part. Malware on your computer**, malware on the server, stolen SSL certificates.
*SSL/TLS is a protocol for for two computers to agree on an encryption scheme, not encryption itself. Some of the older encryption algorithms are starting to show weaknesses, so those specific algorithms should be deprecated, but that doesn't affect TLS as a whole.
**Encryption makes it impossible to cache things, which makes thing slow. If you're an IT guy at a company and you have 1000 people hitting the same encrypted external website 100 times a day, you have to make 100,000 requests. If you cache it, you only have to make 1. But if you let the browser and the external server encrypt things, you can't tell when someone is making a duplicate request. So a lot of networks will actually man in the middle themselves to improve performance, by doing all encryption stuff at the point where the internal network connects to the internet. This includes some smartphone networks / browsers, where bandwidth is at a premium. You need less infrastructure, and it only comes at the expense of your user's security!
Very thorough, thanks for the reply!