Friday, 21. February 2003

SSL cracked
Net security software exposed


The most commonly used security system to protect passwords over the internet has been cracked by researchers at one of Switzerland's top technology universities.

A team at the Federal Institute for Technology in Lausanne said they had been able to decipher a password in less than an hour.

"It is the first time we have noticed a security problem in the SSL protocol itself and not in how we use it or how we implement it," Professor Serge Vaudenay, director of the institute's security and cryptography lab, told the BBC.

-> BBC

Password Interception in a SSL/TLS Channel

1. Insecure transaction: the browser knows it is using a normal, insecure connection, so when you send an order containing your credit card number it sends "1234-5678-1234-5678" in plain text to the server.

2. Secure (SSL) transaction: the browser knows it is using a secure connection for this form. The browser converts "1234-5678-1234-5678" into a seemingly random collection of characters like "e$$%0lj*&*(#foij" and sends it to the server. The server receives "e$$%0lj*&*(#foij" and converts it back into "1234-5678-1234-5678".

-> LASEC
