alex · June 19, 2020 01:20 · Jun 11, 2013 · Jun 11, 2013 · Jun 11, 2013 · Jun 11, 2013
diff --git a/gistfile1.rst b/gistfile1.rst
@@ -2,7 +2,7 @@ Guide to how fucked is SSL?
 ===========================
 
 *Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, Zain
-Memon, and Chris Armstrong for review*
+Memon, and Chris Armstrong for review.*
 
 
 This is a guide for technical individuals to understand in what circumstances
@@ -40,7 +40,9 @@ Verisign gives the NSA their private key
 
 If this happens, then the NSA is able to sit between you and google.com and it
 can rewrite all of google.com's traffic to say that it's certificate is some
-other one, which they created and signed using Verisign's private key.
+other one, which they created and signed using Verisign's private key. Note
+that this works for any CA, it doesn't have to be the CA that signed
+google.com's original key.
 
 This requires an **active** observer.
 

diff --git a/gistfile1.rst b/gistfile1.rst
@@ -1,6 +1,10 @@
 Guide to how fucked is SSL?
 ===========================
 
+*Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, Zain
+Memon, and Chris Armstrong for review*
+
+
 This is a guide for technical individuals to understand in what circumstances
 SSL communications are secure against an observer-in-the-middle (for all
 intents and purposes: the NSA).

diff --git a/gistfile1.rst b/gistfile1.rst
@@ -1,9 +1,6 @@
 Guide to how fucked is SSL?
 ===========================
 
-*Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, Zain Memon,
-and Chris Armstrong for review*
-
 This is a guide for technical individuals to understand in what circumstances
 SSL communications are secure against an observer-in-the-middle (for all
 intents and purposes: the NSA).
@@ -24,7 +21,8 @@ What types of observers are there?
 
 There are two types of observers-in-the-middle (OITM), active and passive:
 
-**Passive** observers merely record all traffic, they in no way alter it.
+**Passive** observers record all traffic (either decrypted, or for later
+decrypting), they in no way alter it.
 
 **Active** observers read all messages, decrypt them (if encrypted), possibly
 rewrite them, record them, re-encrypt them (if originally encrypted) and send
@@ -91,4 +89,4 @@ thwart attacks. If the NSA broke RSA or has a lot of computers, we're all
 fucked.
 
 Remember: google.com is just an example, and computer refers to any networked
-device (e.g. your phone, your tablet, your television...).
+device (e.g. your phone, your tablet, your television...).
diff --git a/gistfile1.rst b/gistfile1.rst
@@ -1,8 +1,8 @@
 Guide to how fucked is SSL?
 ===========================
 
-*Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, and Chris
-Armstrong for review*
+*Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, Zain Memon,
+and Chris Armstrong for review*
 
 This is a guide for technical individuals to understand in what circumstances
 SSL communications are secure against an observer-in-the-middle (for all

diff --git a/gistfile1.rst b/gistfile1.rst
@@ -1,6 +1,9 @@
 Guide to how fucked is SSL?
 ===========================
 
+*Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, and Chris
+Armstrong for review*
+
 This is a guide for technical individuals to understand in what circumstances
 SSL communications are secure against an observer-in-the-middle (for all
 intents and purposes: the NSA).

diff --git a/gistfile1.rst b/gistfile1.rst
@@ -12,8 +12,9 @@ The way SSL works is that when you got your operating system or browser, it had
 a list of Certificate Authorities (CA), basically a list of public keys. At
 some point google.com bought an SSL certificate from some CA, say Verisign,
 Verisign signed google's private key. When you make a connection to google.com
-it verifies that the SSL certificate it provides really was signed by Verisign,
-and all communication is encrypted using standard public key cryptography.
+it verifies that the SSL certificate it provides really was signed by a root
+certificate, and all communication is encrypted using standard public key
+cryptography.
 
 What types of observers are there?
 ----------------------------------
@@ -23,7 +24,8 @@ There are two types of observers-in-the-middle (OITM), active and passive:
 **Passive** observers merely record all traffic, they in no way alter it.
 
 **Active** observers read all messages, decrypt them (if encrypted), possibly
-rewrite them, record them, and send them on to their destination.
+rewrite them, record them, re-encrypt them (if originally encrypted) and send
+them on to their destination.
 
 How can SSL be fucked?
 ----------------------

diff --git a/gistfile1.rst b/gistfile1.rst
@@ -83,4 +83,7 @@ Conclusion
 If the NSA has google.com's private key and is performing an active attack then
 you're screwed. Against a passive attack PFS and certificate pinning will
 thwart attacks. If the NSA broke RSA or has a lot of computers, we're all
-fucked.
+fucked.
+
+Remember: google.com is just an example, and computer refers to any networked
+device (e.g. your phone, your tablet, your television...).
diff --git a/gistfile1.rst b/gistfile1.rst
@@ -40,8 +40,9 @@ This requires an **active** observer.
 *Prevention*: This can be prevented by using **certificate pinning**. Pinning
 works by requiring that a given host must be identified by a specific public
 key. There is currently no general, widely deployed, mechanism for certificate
-pinning. Google Chrome includes a list of pinned hosts, and `tack.io`_ is a
-proposal for a general purpose pinning system.
+pinning. Google Chrome includes a list of pinned hosts, and
+`tack.io <http://tack.io/>`_ is a proposal for a general purpose pinning
+system.
 
 google.com gives the NSA their private key
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/gistfile1.rst b/gistfile1.rst
@@ -0,0 +1,85 @@
+Guide to how fucked is SSL?
+===========================
+
+This is a guide for technical individuals to understand in what circumstances
+SSL communications are secure against an observer-in-the-middle (for all
+intents and purposes: the NSA).
+
+How does SSL work?
+------------------
+
+The way SSL works is that when you got your operating system or browser, it had
+a list of Certificate Authorities (CA), basically a list of public keys. At
+some point google.com bought an SSL certificate from some CA, say Verisign,
+Verisign signed google's private key. When you make a connection to google.com
+it verifies that the SSL certificate it provides really was signed by Verisign,
+and all communication is encrypted using standard public key cryptography.
+
+What types of observers are there?
+----------------------------------
+
+There are two types of observers-in-the-middle (OITM), active and passive:
+
+**Passive** observers merely record all traffic, they in no way alter it.
+
+**Active** observers read all messages, decrypt them (if encrypted), possibly
+rewrite them, record them, and send them on to their destination.
+
+How can SSL be fucked?
+----------------------
+
+Verisign gives the NSA their private key
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If this happens, then the NSA is able to sit between you and google.com and it
+can rewrite all of google.com's traffic to say that it's certificate is some
+other one, which they created and signed using Verisign's private key.
+
+This requires an **active** observer.
+
+*Prevention*: This can be prevented by using **certificate pinning**. Pinning
+works by requiring that a given host must be identified by a specific public
+key. There is currently no general, widely deployed, mechanism for certificate
+pinning. Google Chrome includes a list of pinned hosts, and `tack.io`_ is a
+proposal for a general purpose pinning system.
+
+google.com gives the NSA their private key
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If this happens then the NSA is able to read all encrypted traffic to and from
+google.com.
+
+This works with either an **active** or **passive** observer.
+
+*Prevention*: This can be prevented by **perfect forward secrecy** (PFS).
+Essentially PFS works by using two secret keys, the private key, and a second,
+per session key, exchanged using a Diffie-Hellman key exchange. This will
+protect against **passive** observers, but is still vulnerable to **active**
+observers.
+
+The NSA has a lot of computation power
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The NSA is able to read individual messages, reading all traffic would
+(probably) be too much computering.
+
+This works with either an **active** or **passive** observer.
+
+*Prevention*: Increase key-sizes used in certificates.
+
+RSA is broken
+~~~~~~~~~~~~~
+
+We're all fucked.
+
+This works with either an **active** or **passive** observer.
+
+*Prevention*: Turn off your computer.
+
+Conclusion
+----------
+
+If the NSA has google.com's private key and is performing an active attack then
+you're screwed. Against a passive attack PFS and certificate pinning will
+thwart attacks. If the NSA broke RSA or has a lot of computers, we're all
+fucked.