From: robert@outpost24.com
Date: Mon Jun 04 2007 - 04:35:45 EDT
The weaknesses known for SSLv2 are independent of the service behind it.
SSLv2 weaknesses are talked about here:
http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm
_3.1.4.1 SSLv2 vs. SSLv3/TLS_
The first public version of SSL, version 2, suffered from a number of security flaws, which have been fixed in SSLv3. As browsers nowadays still support SSLv2, and as it is still in use in some systems, we briefly sum up its security problems:
· the same cryptographic keys are used for message authentication and for encryption, which means that in export mode also the MACs are unnecessarily weakened (due to U.S. export restrictions, the symmetric key length that could be used in Netscape and Internet Explorer was limited to 40 bits. If the restricted data encryption key is also used for message authentication, the security of the MACs is also crippled, although this was not required by the U.S. export restrictions);
· SSLv2 has a weak MAC construction and relies solely on the MD5 hash function;
· SSLv2 does not have any protection for the handshake, so that a person-in-the-middle attack cannot be detected;
· finally, a truncation attack is possible, as SSLv2 simply uses the TCP connection close to indicate the end of data, so that the attacker can simply forge the TCP FINs and the recipient cannot tell that it is not a legitimate end of data (SSLv3 fixes this problem by having an explicit closure alert).
Robert
--
Robert E. Lee
Chief Security Officer
http://www.outpost24.com
phone: +46-455-61-2320
fax : +46-455-1-3960
email: robert@outpost24.com
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:51 EDT