Father of SSH Says Security Is 'Getting Worse'

alphadogg writes with an excerpt from an interview with the designer of SSH-1: "Tatu Ylönen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security — whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers — recently spoke with Network World on a variety of security topics, including the disappearance of consumer privacy and the plight of SSL. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)"

ssh

- But what if anything could replace the SSL certificate infrastructure?
- For consumers in the short term, no. But SSH is an option, especially for automation. It would require an extension to SSH. I actively proposed it to replace SSL 15 years ago but I was basically railroaded at the IETF by Microsoft and Sun!

"...Imagine all the people
browsing through SSH, uh uh u-uh uh"

Re:ssh

[garyisabusyguy]

implementation and usage are the weakest links in any security plan

any given encryption tool can be made weak in implementation by using short keys or failing to salt the encryption

any security infrastructure can be made weak by users who send email in clear text, directly exchange passwords in the same medium the password is used for, continue to use telnet or ftp when ssh and sftp are available

It makes me happy to think about a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

Re:ssh

[QuantumRiff]

There is nothing wrong with SSL.. it works well to encrypt traffic between sites. its the way we manage the certificates that is ugly, and prone to lots of attacks and hacks. (How many Root CA's are automatically trusted by a browser?)

Just using DNSSEC to store the public keys for SSL would be a huge step up. No more trusting a company in the netherlands that signed your key for gmail.com. Just look it up in DNS. (yes, people could I guess hijack DNS), but that should be detected pretty quickly by comparing the keys between different computers in different regions.

Most people just want to encrypt the traffic between themselves and www.$x.com, and that the server that claims to be www.$x.com is the same one in DNS. I could really care less that www.$x.com is actually the company residing at a verified address, with letterhead, etc. Basically, domain validated certificates (which are pretty common for SSL now) shouldn't use a CA anymore.

Re:ssh

It makes me happy to think about a completely secure computer system with NO USERS since that is the only way that you could possibly make a system secure

Then you should be pleased to know that RIM has been making great strides on their implementation of this idea. It might even be finished within the next year.

Re:ssh

[EyelessFade]

The full SSL specification also states that both parties have an trusted certificate. Its a 20-something step handshake. only two of those are sending user data. This is not used in todays web

Re:ssh

[vlm]

Most people just want to encrypt the traffic between themselves and www.$x.com, and that the server that claims to be www.$x.com is the same one in DNS. I could really care less that www.$x.com is actually the company residing at a verified address, with letterhead, etc.

Well, somebody's outed as not being able to answer "What a man in the middle attack?"

Re:ssh

[aix+tom]

As someone who as seen Firefly, it isn't even enough to live with a man 40 years. Share his house, his meals. Speak on every subject.

You have to tie him up, and hold him over the volcano's edge. And on that day, you will finally meet the man.

Re:ssh

[NatasRevol]

How secure is your md5 hash?

Re:ssh

[mlts]

SSL by itself is secure. However, it would be nice to have it allow to be implemented in a WoT fashion similar to PGP/gpg.

This way, I go to my banks's site. I'm 100% sure that the key is genuine because that is what shows up, and that the bank prints the fingerprint of the key for people to see when visting a branch. So, I sign the bank's key.

I go to another site. The key for the server is unknown, but I have 2-3 semi-trusted CAs all agree that the key is whom it is supposed to be. The threshold I set allows the SSL transaction.

I go to a third site, one CA says the key is OK, but nobody has zero clue about it. The threshold set will warn the connection is encrypted, but untrusted. Since it is just the listings for when the local vomitorium is open, the risk is acceptable.

The fourth site, a friend signed the key, but completely distrusting it. The Web browser refuses to go to the site, or if allowed to, shows that anything from there is suspect. A link leads to a discussion on this. After several people mention this on another forum, the owners of the site with the bad cert find that their DNS server was compromised as well as the CA they were using.

I wish SSL had this functionality in it. Since it is a superset of having root keys and a CA hierarchy, existing stuff would work. A compromised CA's damage would be greatly limited.

Re:ssh

[hairyfeet]

But don't forget the flip side of that argument, the BOFHs that make things so much of a PITA either the users are gridlocked and can't get dick done or they actively go out of their way to break the security just so they can work.

I'll never forget an old programmer friend of mine who told me about taking some of the students he was teaching over to check out this big corporate software firm. on and on and on the BOFH giving the tour talked about how incredibly secure his place was, with crazy password rules and just one nasty thing after another until mike said "You give me 15 minutes in this place and I bet you $100 and a steak dinner i CAN get into your systems".

Well sure enough the BOFH took him up on it and let him loose for 15 minutes while he took over the tour. In 10 he was back with a dozen working username/password combos, including one for one of the higher level guys that would have pretty much given him the keys to the kingdom. When the BOFH demanded he show him how he did it, know what he did? he just went and started flipping keyboards and there were the passwords because nobody could keep up with them thanks to his crazy rules.

So its always a balancing act between making a secure system and making an unusable one. After all you could make a corp the most secure system in the world by simply cutting the power to the PCs and locking them in a vault but they wouldn't be doing the workers much good then, will they?

Re:ssh

[pakar]

Yes, the formulas taste much better with a bit of salt.

How is this quantifiable in any stretch?

[colin_faber]

If you think about it, the issues with key infrastructure are nothing new, they've been there since day 1, and in fact the same can be said about the micro-controllers which are now being regularly exploited by big brother.

User/Device security is no more or less "secure" than it was back in 1995, actually I'd argue that it's getting better as it's more widely adopted (when was the last time you used rsh?). In general it's always an evolving process.

We still don't have a practical way of breaking high bit crypto, and in general I feel plenty safe with my 1024 bit ssh connections to my LAN machines =)

Re:How is this quantifiable in any stretch?

[mpfife]

| User/Device security is no more or less "secure" than it was back in 1995,

I disagree. The amount of compute time rises dramatically each year (Moore's law), it is not good enough to simply 'tread water' and just upping the key length are sufficient. New techniques and systems are constantly being built to attack these methods. While I'm not saying SSH is bad or outdated, I'm saying that cryptanalysis and raw compute has not stopped chipping away at the corners and weak spots. What if at 51200 bit security, we find an aweful and damnin patter appears in the math? We still cannot prove that any of these particular methods for cryptography today couldn't be completely broken wide open with a numerical discovery tomorrow (while we are pretty sure it can't).

We mustn't fall into the trap of thinking that what is good enough today is good forever. Have as many irons in the fire being tested and competing is the best way for your protection today and tomorrow.

Re:How is this quantifiable in any stretch?

[colin_faber]

Right but we're no where near that point. Even 128 bit keys are huge mountains to climb with the most powerful systems on the planet.

I don't think anyone is saying that security research in the realm of computer science is settled, but saying the sky is falling and security hasn't kept up with improvements in overall compute power is false.

Just like today, back in 1995 if keys were stolen then you have a chance of being exploited some how. Is there a better method to prevent such problems? Probably, but it's a MINOR issue.

In most cases attackers don't bother with crypto systems, in favor of much lower hanging fruit (such as insecure web servers, sql injection exploits, etc).

Re:How is this quantifiable in any stretch?

[Sloppy]

If you think about it, the issues with key infrastructure are nothing new, they've been there since day 1

And that's why PRZ started trying to address it, many years before ssh existed. But for some reason in 1995 people decided to not build upon the current (1988-1990, roughly) state of the art in establishing key trust, or the lack thereof, or the realistic acknowledgment of degrees of trust that exist in between "I'm sure" and "I have no idea."

People wanted it dumbed down into incorrectly telling users "be sure" in cases where they would have no reason to actually be sure. And now their shocked that after programming the computer to lie by oversimplifying things, sometimes it does lie by oversimplifying things.

Re:How is this quantifiable in any stretch?

[Hatta]

The amount of compute time rises dramatically each year (Moore's law), it is not good enough to simply 'tread water' and just upping the key length are sufficient.

There's a limited amount of energy in the universe, and a lower limit on how little energy you can use to do a calculation. Even the most optimistic estimate will show that brute forcing AES-256 will consume all the energy in the visible universe.

I'm saying that cryptanalysis and raw compute has not stopped chipping away at the corners and weak spots.

Which is good, there's a lot fewer corners and weak spots now than there was in 1995 because of all that work.

What if at 51200 bit security, we find an aweful and damnin patter appears in the math?

That's no more likely to happen now than it has been in the past.

it's because people don't value it.

I try to get my college buddies to send me encrypted email, and it's the same story, "Dude, just use Facebook like everybody else". I have a Facebook but stopped using it because I don't want FB snooping all my communications!

Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

Slashdot peoples care, but outside that crowd, people value convenience, not security or privacy. That's the only way so many privacy-violating services have become so huge when there are alternatives that preserve your privacy.

98% of people in the 22-29 year old age bracket now use Facebook. Most of those use it as their primary means of communicating with friends, and you're now considered "abnormal" if you don't have a Facebook. Even if you explain it to them the pitfalls of FB they don't care.

Until people start to care about their security and privacy, they won't have any. You have to vote with your actions.

Re:it's because people don't value it.

[Vellmont]

Don't worry. Eventually there will be a huge FB breach of privacy story where FB starts selling all your info to the highest bidder. People will be outraged, FB will try to spin it into a non-story. Then another one will happen. Eventually people will over-react and FB will become the new Microsoft, with large amounts of people openly hating them. But unlike Microsoft the don't really have any powerful monopoly on anything where people can't just use something else. Eventually it'll suddenly become cool to NOT have a FB account, and people will turn to some other form of socialization online.

Re:it's because people don't value it.

[Yvanhoe]

I scared a group of doctors telling them "I guess that you have some facebook friends who are former patients. I am sure that the list of your friends that are not health professionals is worth something to insurance companies."
"but they would not! It would be illegal!"
"In your country it is (we were in Japan) but which jurisdiction is Facebook operating in? Are you sure it is illegal there? Do you even know how Facebook makes its profits?"
When I had this discussion I was already thinking I should just surrender, stop clinging to privacy, just stop caring, put my emails on gmail, my personal files in the cloud and vamos...
But one doctor there said that she was very happy that an IT professional gave them these advices and pointed the issues they were not suspecting.
I wonder if we won't see, in the next years, a facebook scandal that will reveal to the world the kind of things that us geeks keep shouting to everyone. Most people are simply not aware of how much they are screwed.

Re:it's because people don't value it.

[Cid+Highwind]

Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

WHAT alternatives? Where's a one-stop "download client (available for all major desktop/mobile platforms, of course), punch in your buddies' pseudonyms, and start an encrypted point-to-point VOIP conference" alternative to Skype? Where's Diaspora? (I know, perpetual beta) Where's crypto-twitter?

Until people start to care about their security and privacy, they won't have any. You have to vote with your actions.

There's a slight problem with that: network effects mean that the value of a communication channel scales with some power of the number of people who use it. Kim Kardashian (thanks to her huge twitter following) probably has more "votes" than all of Slahdot put together.

Re:it's because people don't value it.

[jareth-0205]

Privacy disappears because people don't value it. If they did, they wouldn't be using Facebook for all their communications. If they cared, they'd be using encrypted point-to-point VOIP for voice, not Skype. If they cared, they would be using OTR and Pidgin for chat.

It's all very well sitting there talking about people not caring, but people have other things to do, and frankly it's not unreasonable to want methods of communication to be as easy as possible. Skype became popular because it worked behind firewalls without configuration when all other VOIP needed ports forwarding and other fiddling. Facebook took over messaging because it is similarly much easier to find and keep track of people without managing your own address book for hundreds of changable addresses. I honestly *still* don't know how to do encrypted email, it's just not clear.

We as an industry haven't given people easy ways to do these things. It is *our* fault, not theirs.

Re:it's because people don't value it.

[NatasRevol]

The names will change.

I doubt the security level will.

Re:it's because people don't value it.

[betterunixthanunix]

There's a slight problem with that: network effects mean that the value of a communication channel scales with some power of the number of people who use it

Which is why standardized protocols are so great. Email is immensely popular, not because Email, Inc. has lots of users, but because anyone can implement email -- there is no monopoly, just a good protocol.

Too bad social networking systems try to divide people by not interoperating.

Re:it's because people don't value it.

[NatasRevol]

Kim Kardashian (thanks to her huge twitter following) probably has more "votes" than all of Slahdot put together.

And she gets laid more often!

Re:it's because people don't value it.

[tlhIngan]

We as an industry haven't given people easy ways to do these things. It is *our* fault, not theirs.

Exactly. Even in the geek world this is true.

Want to know why SSH is the premier protocol for remotely doing stuff? Because it does it all so easily. If you used rsh, or telnet, forwarding an X session was fraught with danger and extremely tricky, having ot mess with xhost or other xauth crap.

With SSH, you just add -X. Done. Easy.

Ditto with proxying - SSH supports SOCKS or manual port forwarding. The other protocols require running programs manually - they can't tunnel traffic through an existing connection (also handy if you're firewalling stuff - it's easy to just open one port for your SSH server rather than many).

When it's easy to do, people will do it.

People don't understand what security is.

[gurps_npc]

Let's start with a basic, real world example.

I have a home. On this home there is a lock.

Now, an ignorant fool might think the lock is there to keep other people out. Nope, they are wrong. You see, in addition to my lock, I have windows, doors, a roof and floors, and walls. None of them are made of unobatanium.

An intelligent 5 year old child, with no training whatsoever can break my window and climb into my house.

My lock is there fore two distinct purposes:

1. It tells the world that this place is private - that the owner does not want anyone to enter it and will try to punish those that violate it's privacy. It's a sign.

2. It lets me get into my house easily, while making it much more difficult for anyone else to get in without leaving clear and obvious signs that they have trespassed (i.e. a broken window.)

That's what the locks on my home do - notify the world of my privacy and create traceable evidence of a violation of that privacy.

We need to start using IT security for the same purpose. Among other things, that means that when you log on to any website, it should list the last time you logged, and from where (using either an IP address and/or a cookie to identify the device used).

I don't want, nor do I need, an unbreakable password. I want to know when I've had a trespasser.

Re:People don't understand what security is.

[Vellmont]

The problem with your analogy is that your house doesn't need to be super-dupe-secure because nobody has invented anonymous, instantly replicable robots that roam the countryside looking for open windows, and equipped with high speed glass cutters, valuable item detectors, and phone-home capabilities to alert a human when further action is warranted. This is routing on the internet.

This is the threat to you email address or bank account has to deal with. In your home you merely have to deal with the people around you who might rob you, and the occasional opportunistic criminal. On the internet, everyone is basically the same distance from everyone else, automation is cheap, and anonymity is common. Think that might lead to the need for more security than easily breakable glass windows? If all my shit is gone from my house, but my window is broken, I'm still not terribly happy that the thief was kind enough to let me know through the broken window.

Re:People don't understand what security is.

[cbiltcliffe]

So somebody breaks in, changes your password, and you change it back from the computer you used last week.
The computer used to break in was used only a few days before, so it's on the approved list to log in with the old password.
You see where I'm going with this?

Under this system, the attacker would gain permanent access to your account, as long as they logged in once a week.

If this is your idea of a "good method" to prevent an attacker from changing your password, I'd suggest the subject line of this thread describes you perfectly....

Security getting worse

[mpfife]

I would largely agree. Unfortunately, I believe it is because real security - cryptography and end-to-end security and privacy - are very difficult, and hence, very expensive to develop, implement, and test. My experience with such coding is that it's every bit, if not more, rigorous as code written for medical devices or flight control software. It simply has to be bulletproof. Any one hole in the theory, algorithm, or implementation - and the whole thing comes apart. Learning about all those possible holes and plugging them is a herculean task. One can point to the near constant stream of security patches for every browser, app, and OS on the market. And these are the best-funded commercial enterprises around.

Another huge problem is the 'meh' attitude people have towards their personal information. We throw our data around so willy-nilly on smart phones and social networks. We check in places that tell everyone where we are (or are not http://pleaserobme.com/ ), publicly publish our most intimate family and friend relationships, report where we live and work, we even identify people to image recognition software. One expert I heard said that he could not imagine a more dastardly personal information monitoring system than Facebook. And we WILLINGLY give that information away. Google reads your emails and all the documents you upload to their 'free' services. Websites use everything they can to target ads at you, etc.

The unfortunate part, as my CS security professor pointed out, is that by the time it crosses an ethical line - it's nearly impossible to stop. Even worse, what if the company you gave all that info too gets sold to a very un-scrupulous person in a country with no protections? What if your government is taken over and they raid these databases for information about dissenters? All of these things are real, happen today, and yet we consider it more important to be able to brag to our friends and family what we had for dinner last night than protect ourselves.

Re:Tatu Ylönen has garnered fame ...

[PolygamousRanchKid+]

"SSH" is definitely worthy of a design patent. Look at those "curved corners" of the "S" . . . artistically contrasted against the sharp corners of the "H".

A lot of creative intellectual property work went into that, and the creator should be rewarded with all rights to that.

The estate of the late Heinrich Himmler has challenged this in court, however.

Re:ssh is the reason for insecurity

[0123456]

If IPSEC wasn't one of the worst designed-by-committee-throw-in-the-kitchen-sink monstrosities ever produced, it would be more widely adopted.

Just getting two of my Linux boxes to talk IPSEC to each other took a couple of days, because there are about a bazillion different combinations of parameters and if any of them are wrong it doesn't work and doesn't provide any easy means of figuring out why it doesn't work.

It's also a 'security' protocol which allows you to send unencrypted data, so even if you do use it you can't readily prove that you have a secure connection unless you monitor the traffic.

There's a reason why we use SSL and SSH instead.