
Further evidence of Microsoft's lack of commitment on the security front

  • 08-10-2003 11:02am
    #1
    Closed Accounts Posts: 252 ✭✭


    I was browsing the European Central Bank website using a Mozilla 1.4 browser and noticed the connection had 256bit security using AES (Advanced Encryption Standard).

    Visit the same site with Microsoft Internet Explorer and it only operates at 128bit (using RC-4)

    Yet further evidence of Microsoft's lack of commitment on the security front!

    Floater


    https://www.ecb.int/mfi/

    Free download: www.mozilla.org


Comments

  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Is 128 bit RC4 not good enough for web usage? Why not?

    As an aside, can anyone figure out how do you go about comparing the strength of a good stream cipher with a good block cipher based on their respective key lengths?

    Even based on the practical notion that you should be able to compare the strength of good symmetric key algorithms based on key length, AES's recommended mode of operation is 128 bit.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    What I meant to point out is that if you're using IE (or indeed any web browser), then you have far more significant weaknesses to worry about than the strength of the cryptography being used anyway.


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    Is 128 bit RC4 not good enough for web usage? Why not?

    As an aside, can anyone figure out how do you go about comparing the strength of a good stream cipher with a good block cipher based on their respective key lengths?

    Even based on the practical notion that you should be able to compare the strength of good symmetric key algorithms based on key length, AES's recommended mode of operation is 128 bit.

    Mozilla supports 128bit too and one can control the max key size in the security settings. Who recommends a lower key size and one wonders why?

    Floater


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    What I meant to point out is that if you're using IE (or indeed any web browser), then you have far more significant weaknesses to worry about than the strength of the cryptography being used anyway.

    Like what please?


    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Floater
    Mozilla supports 128bit too and one can control the max key size in the security settings. Who recommends a lower key size and one wonders why?

    You skipped the question about why it wasn't good enough. I don't know why one mode is recommended over the other, but the issue isn't the size of the key but rather the number of rounds that is used. 128, 192 and 256 bit AES uses 10, 12 and 14 rounds respectively iirc.
    Like what please?

    If you restrict the conversation to just SSL for a moment, then I'd worry far more about authentication than the actual encryption on the wire. It's far easier for an attacker to negotiate a key with you and man-in-the-middle your connection or spoof the identity of who you think you're talking to than it is to try to crack your communication as things stand. The protection against this should be the chain of trust back to the root certification authorities assuming that the user checks this for each connection, but how many CA certs does your browser come loaded with nowadays? You trust all of them not to screw up? Check out VeriSign's booboo of handing out a bogus microsoft.com cert a while back. I think quite a few of them are a little too weak in verification.

    Leaving SSL aside, have you seen how many bugs are in an unpatched (or even a patched) IE? If a malicious site manages to plant some code on your machine then all bets are off. It's trivially easy to write a vb or vbscript wrapper around your copy of Internet Explorer that manipulates the event model to watch what you do or control the actions of your web browser. How many websites are automatically logged into with cookies by many users?

    Anyway, I'm picking on IE here, but most browsers have had problems, not to mention that just about every browser is running on a modern operating system, so it's generally far easier to attack successfully than any reasonably strong cryptography ...


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by Floater
    You skipped the question about why it wasn't good enough
    My line of thought was rather unsophisticated and ran as follows:

    Microsoft is being hauled to the courts by a customer who suffered ID theft because allegedly of the company’s poor security. This is probably one of many cases in the pipeline. Microsoft claim that they are pulling out all the stops on the security front, bla, bla, bla.

    AES is a next generation on from RC4 and appears to be far more secure than the latter. If the Mozilla guys have managed to incorporate AES into their browser why not Microsoft? And given that they haven’t done so, is it not yet another example of their security recalcitrance?

    While someone might try and break in through your window if you have a really good lock on the front door, the presence of windows in one's house is surely not a reason to have a poor lock on the door?

    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Floater
    AES is a next generation on from RC4 and appears to be far more secure than the latter. If the Mozilla guys have managed to incorporate AES into their browser why not Microsoft? And given that they haven’t done so, is it not yet another example of their security recalcitrance?

    SSL is protocol agnostic, and two hosts talking SSL will negotiate what algorithms they want to use. Did you check that the ECB site doesn't prefer RC4 and that's why IE offered it? (Mozilla won't offer RC4 as an option if it's configured to just use TLS for example). I can't find a definite reference to say that IE doesn't use rijndael as an algorithm, but I'd find it surprising if it doesn't actually. I wouldn't see it as negligent though.
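
The negotiation described in the post above, as an added example that is not part of the original thread: a simplified Python model of SSL/TLS cipher-suite selection, showing why the key size a browser reports does not by itself say which side limited it. The suite names are real IANA identifiers; the client and server lists are constructed for illustration and were not measured from IE, Mozilla or the ECB site.

```python
# Added example: simplified model of SSL/TLS cipher-suite selection.
# Suite names are real IANA identifiers; every offer list below is constructed.
KEY_BITS = {
    "TLS_RSA_WITH_AES_256_CBC_SHA": 256,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 128,
    "TLS_RSA_WITH_RC4_128_SHA": 128,
    "TLS_RSA_WITH_RC4_128_MD5": 128,
}
AES256, AES128, RC4_SHA, RC4_MD5 = KEY_BITS  # names in table order

def negotiate(client_offer, server_suites, server_preference=False):
    """Return the suite the server picks, or None when nothing overlaps.

    Both lists are ordered most-preferred first. With server_preference the
    server walks its own list; otherwise it honours the client's order.
    """
    ordered, other = ((server_suites, client_offer) if server_preference
                      else (client_offer, server_suites))
    return next((s for s in ordered if s in other), None)

def diagnose(client_offer, server_suites, server_preference=False):
    """Return (suite, key_bits, reason the result is not stronger)."""
    chosen = negotiate(client_offer, server_suites, server_preference)
    if chosen is None:
        return None, 0, "no common suite (handshake fails)"
    bits = KEY_BITS[chosen]
    common_max = max(KEY_BITS[s] for s in client_offer if s in server_suites)
    client_max = max(KEY_BITS[s] for s in client_offer)
    server_max = max(KEY_BITS[s] for s in server_suites)
    if bits < common_max:
        reason = "preference order picked a weaker common suite"
    elif bits < server_max:
        reason = "client did not offer the server's stronger suite"
    elif bits < client_max:
        reason = "server does not enable the client's stronger suite"
    else:
        reason = "strongest suite either side supports"
    return chosen, bits, reason

# Constructed configurations (hypothetical, not measured from any browser or site).
CLIENT_A = [AES256, AES128, RC4_SHA]      # offers AES first
CLIENT_B = [RC4_MD5, RC4_SHA]             # offers RC4 only
SERVER_ALL = [AES256, AES128, RC4_SHA, RC4_MD5]
SERVER_RC4_FIRST = [RC4_SHA, RC4_MD5, AES256]

if __name__ == "__main__":
    for c in (CLIENT_A, CLIENT_B):
        for srv, pref in ((SERVER_ALL, False), (SERVER_RC4_FIRST, True)):
            print(diagnose(c, srv, pref))
```

With the RC4-first server both constructed clients end up on 128-bit RC4, even though one of them offers AES-256.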


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    SSL is protocol agnostic, and two hosts talking SSL will negotiate what algorithms they want to use. Did you check that the ECB site doesn't prefer RC4 and that's why IE offered it? (Mozilla won't offer RC4 as an option if it's configured to just use TLS for example). I can't find a definite reference to say that IE doesn't use rijndael as an algorithm, but I'd find it surprising if it doesn't actually. I wouldn't see it as negligent though.

    I'm not suggesting that non-AES support for IE on W2K is convictable evidence of negligence on 08.10.03. It is just one of the many items that would appear on a rather long submission in support of a case of overall negligence if I was a plaintiff.

    I have no problems with monopolies so long as they do a quality job at a reasonable price. BillG is a bright boy. etc

    However I am sick of paying for new versions of Office software that incorporate the same old bugs which seldom get fixed. Security flaws seem to be on a par.

    It seems to me that there is a systematic structural naivety within the organisation when it comes to security at best (rose tinted glasses on). Take the glasses off and I wonder if the monopoly position is at the root of the problem. If Floaters was a chain of restaurants and one of them had an e-coli outbreak, you can be sure that Floater would sort it out and it would never again happen. While OS and browser security is somewhat more challenging than keeping a restaurant clean and the food properly sourced and cooked, one doesn't get the feeling that they are putting the same effort into the job as someone who faced his business being closed down.

    The big risks that MS are running now AFAICS are

    1) Non compliance with open standards (restricting choice and portability) eg XML with added MS "features" that potentially disable files from working on other XML compatible software

    2) Their existing market dominance

    3) Lack of good security track record (the opposite) as documented in the media.

    4) Copying independently developed technologies without license and incorporating them in their own products (restricting choice for these elements of functionality)

    5) Not keeping up with latest developments such as AES and slow adoption of smart card security etc.

    6) Lack of commitment to customer privacy (eg enforcement of Passport for support)

    7) Lack of customer warnings about the privacy and security dangers of using their products or features of their products

    8) The default settings they use.

    If someone wants to pay me €500 / hr for my time I could keep growing this list until it spanned the length of the equator in 7pt font!

    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Floater
    If someone wants to pay me €500 / hr for my time I could keep growing this list until it spanned the length of the equator in 7pt font!

    I don't doubt it, but it would also be a world away from the topic you started.


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    I don't doubt it, but it would also be a world away from the topic you started.

    That depends on your perspective. You appear to be looking at the issue solely from a component security systematic approach. I am looking at it from an end user / legal approach.

    Microsoft have been good at the legal and bad at the security stuff since they started. I am hopeful that the tide will turn against them, leaving them perhaps better at security and with $10bn less cash on the balance sheet - much of which will end up in lawyers' pockets!

    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    I'm looking at it from a "MS Internet Explorer weaker security than Mozilla" perspective.

    I posted something about a potential class action suit and a "sea change" on this very forum a few days ago. The comments would make more sense there.


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor

    I posted something about a potential class action suit and a "sea change" on this very forum a few days ago. The comments would make more sense there.

    Your other thread didn't escape my attention.

    Good night.

    Floater


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Ah, you changed the thread title. It all makes so much sense now!!


  • Closed Accounts Posts: 252 ✭✭Floater


    Originally posted by ecksor
    Ah, you changed the thread title. It all makes so much sense now!!

    One could observe your compartmentalized mind suffering so much anxiety with the progression of the thread. In the interests of not depriving you of sleep, I decided to copy the concluding sentence of the root posting to replace the original topic header.

    Floater


  • Registered Users Posts: 112 ✭✭quinta


    People are forgetting that the encryption laws in America are vastly different to Europe and elsewhere. Exporting encryption strengths above 128-bit is currently not allowed. In Europe of course it is.

    MS have erred on the side of caution. This was the same before 128-bit strength keys were allowed to be exported outside of the States.

    Also in most government and military departments encrypting unclassified information with strong encryption algorithms is an offence. You have to get approval prior to using the encryption.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Floater
    One could observe your compartmentalized mind suffering so much anxiety with the progression of the thread.

    Don't test my patience.

    Considering you have shown to have no understanding of the issues that you started with, you're on dodgy ground using them to progress anywhere.


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    "We're not fighting we're debating!@#"

    Oh how the tides do change.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Well, fair point, so let me rephrase then.

    The link is based on some faulty premises shall we say. Citing the non-usage of AES is picking on one part of the IE browser that doesn't highlight some design or implementation issues in relation to security and using it to support an overall case of negligence.

    If Microsoft are to change, then they should change for the right reasons and the complaints should be based on real issues, and not based on fixing non-problems. Microsoft aren't going to be compelled to change due to things that don't actually give people problems, or even by things that give individual users problems. The entire thing is going to come down to Money, and in particular the total cost of ownership issue that Gartner were annoying us constantly with at one point.

    On the issue of a "sea change", I recall saying on this forum at one point that we should wait two years to see if the initiative towards securer computing within Microsoft was having the desired effect. They're not there yet, but they're getting there, if perhaps a bit too slowly. I have a feeling that the two years is up by now though.

