6

I was in a discussion about SSL, and I was explaining that it's impossible to decrypt data sent over SSL if you don't have the key.

Someone responded with the following, that really confused me:

The important detail here is that there are hundreds of legitimate "master keys" out there that can be used to generate a valid key for a MITM scenario.

What are these master keys that can be used to generate a valid key? Never heard of them.

Mike Ounsworth
  • 58,107
  • 21
  • 154
  • 209
BugHunterUK
  • 297
  • 2
  • 11
  • 5
    That sounds like tin-foil-hattery. I would ask them to back up that statement with some evidence ... – Mike Ounsworth Apr 05 '16 at 17:17
  • Moreover, many very smart people have spent decades studying RSA, Elliptic Curves, and the Diffie-Hellman key exchange. It would shock me if something like that slipped through. Unless they're being very liberal with the term "master keys" and mean something like planting a fake root cert on your computer. – Mike Ounsworth Apr 05 '16 at 17:20
  • The only "master key" that would really be possible would be if someone, somehow, installed their certificate as a root certificate authority on your machine and set up a proxy between you two. At that point, though, you have much bigger things to worry about if they were able to remotely install a certificate to your machine. – d0nut Apr 05 '16 at 17:21
  • Well, they said there are hundreds of master keys. Which is what I don't understand. – BugHunterUK Apr 05 '16 at 17:21
  • 3
    @BugHunterUK personally, it doesn't sound like they know what they're talking about, or as Mike put it: "tin-foil-hattery" – d0nut Apr 05 '16 at 17:22

1 Answers1

4

What that someone probably meant to say was:

There are a lot of certificate authorities out there, which's keys can be used to generate valid certificates.

While that is true, trusted CAs are not going to be trusted quite long when they hand out certificates to be used for MITM attacks (or, for that matter, do not comply with other rules regarding certificate issuance).

I think there was a CA that signed a sub-CA about a year ago that lost it's credibility rather quickly.

Also, CAs can generate valid certificates for keys (of their choosing, theoretically), but not valid keys for an existing certificate; that is considered infeasible for certificates with acceptable properties to begin with.

The whole trust chain concept only works if you put trust in the CAs, if you don't, you may call those "master keys", but that's a massive simplification and not quite right - they cannot unlock anything, "just" be used to sign valid certificates for a MITM attack.

For additional tin foil:

If "they" have somehow obtained keys from trusted CAs, "they" can in fact do some MITM. Yet, there are some mitigation strategies, for example public key pinning, which makes this harder for regular users of a website.

Tobi Nary
  • 14,352
  • 8
  • 44
  • 58
  • While I generally agree with this, there have been [plenty of problems with CAs issuing certificates they shouldn't](http://security.stackexchange.com/a/2273/16960). Additionally, many threat models would find issue with the many government-run CAs - should your computer [trust a certificate for google.com from the Chinese government](https://www.techdirt.com/articles/20150401/17461630518/google-completely-cuts-off-chinese-governments-certificate-authority-cnnic.shtml)? – Xiong Chiamiov Apr 05 '16 at 20:59
  • While I agree that trust sometimes leads to be abused, the incidents you linked (one of which I was thinking about when writing the answer) are good examples for "they are not trusted for long". – Tobi Nary Apr 05 '16 at 21:16
  • They're removed from the browser and OS stores quickly after being detected, but if you're concerned about targeted attacks (which most of us aren't), the vendors might go for a long time before ever becoming aware of the issue. But that's really just being nitpicky. – Xiong Chiamiov Apr 05 '16 at 21:18
  • I absolutely agree. Mind that HPKP, if carried out appropiately, can make this pretty hard. – Tobi Nary Apr 05 '16 at 21:24