0

While trying to answer this question it occurred to me that while there's many good answers about the strengths and weaknesses of SSL/TLS in terms a security professional or software developer can understand, there's not many good responses that a layman might be able to properly understand.

For instance, we describe some variants of TLS/SSL as "insecure", which in the security world has a somewhat specialized meaning that might be summarized as "There's some known vulnerabilities that significantly degrade the security, and you should likely disable this variant on your servers.". A layman might interpret "insecure" as "simple to exploit", which isn't necessarily true.

So can someone provide a good layman's explanation as to the current security level offered by SSL/TLS? The answer should include the resources of the attacker, the effort, resources, and access involved, and (possibly) the cost.

The answer might also include other ways to achieve the same goal without attacking SSL/TLS, and risks we all take for granted every day. (My credit card, for instance, was compromised and used for fraud last year when Newegg got hacked)

Steve Sether
  • 21,480
  • 8
  • 50
  • 76
  • The last paragraph takes the question is a very, very broad direction and away from the core question. – schroeder Oct 07 '19 at 18:44
  • I get where you are going and the problem you are trying to solve, but I'm afraid your question might need some refining. Do you mean SSL/TLS in general? The current version and recommended ciphers? If in general, are we going to have to continually add new answers as new threats emerge? If the current version, are we really offering something that will survive the next emerging threat? – schroeder Oct 07 '19 at 18:45
  • 1
    I wonder if the real help to laypeople here is helping to describe the layers involved with SSL/TLS as a layer to consider. – schroeder Oct 07 '19 at 18:47
  • You should ban anything below TLS 1.2 if its under your control. – john doe Oct 07 '19 at 18:57
  • TLS is as secure as your private keys are (how well you can keep an adversary from obtaining them from your devices), or whoever can hack into a certificate authority, sign their own certificate, and do a MITM with that certificate (Which is nation state level). Or quantum computers become usable and all the key exchanges the NSA et al have collected can be cracked. – john doe Oct 07 '19 at 19:00
  • @schroeder For a layperson to understand this, they need it in terms of something they already understand. That is generally going to mean a very broad subject matter. – Steve Sether Oct 07 '19 at 19:21
  • 1
    @schroeder Though you might be right that TLS/SSL might be just too specific. – Steve Sether Oct 07 '19 at 19:22
  • @SteveSether broad language but not a broad scope. Your scope is huge. – schroeder Oct 07 '19 at 19:23
  • A layman isn't really the right person to understand this, it's like you are talking to senior management, they just want it works and a basic understanding. – tungsten Oct 07 '19 at 19:28
  • @schroeder As you might be aware, I'm not a fan of limiting scope too narrowly. In the technical world we're very guilty of the over-use of limiting scope in an attempt to simplify problems. – Steve Sether Oct 07 '19 at 19:28
  • @SteveSether then you need to more narrowly define your goals. Your scope, as stated, requires an immense scope of understanding of the potential answer. What you asked ranges far and wide. Complex problems do not have simple answers. But you are talking about an audience here that has limited foundations for understanding. As a teacher, you wouldn't craft a lesson with the scope you defined. – schroeder Oct 07 '19 at 19:33
  • @SteveSether it sounds like you are imagining an answer and its effects and trying to come up with a question that will trigger that answer. – schroeder Oct 07 '19 at 19:34
  • Interesting question. Instead of browsers simply showing a binary indication of whether or not a site is secure, it almost seems like a sliding scale is needed - i.e. maybe an indicator with multiple bars , akin to the indicator on cell phones to show the signal strength. The number of bars would be based on the strength of the TLS version and underlying ciphers and protocols used for the SSL/TLS connection, but simple enough for lay users to understand. – mti2935 Dec 30 '19 at 17:25

2 Answers2

2

What kind of security level does TLS provide, as of 2019?

Quite a good security level, under the assumption that the configuration is according to best practice. I'll try to explain what I mean using lay terms. This means I will stray a little bit from technical accuracy to make it more understandable for people who may not have a lot of experience in security.

TLS is not like Coca-Cola, it's like Steak!

When you go to the grocery store, and you go buy a can of Coca-Cola, you expect it to taste exactly like all the other cans of Coca-Cola you have ever drunk before. TLS is not like that! TLS is more like Steak. You had some good ones, you had some bad ones, and all of them taste different, depending on the meat and on how well it was cooked.

What that metaphor should show is that a question like "Is TLS secure?" is akin to asking "Does steak taste good?". The definite answer is maybe! You can have TLS that is considered very secure, and you can have TLS that offers no security whatsoever. Just like how you can have steak that tastes so amazing you will talk about it for a while, and how you can have steak that tastes like somebody put a shoe sole on a grill.

When do I know if TLS is secure?

The meat of TLS

TLS is based on ciphers, just like steak is based on meat. A cipher is a fancy term for throwing a bunch of cryptographic stuff together, but the details don't matter for a lay explanation. The first ciphers we made were bad. We didn't know how to made good ciphers, but we eventually learned from our mistakes. Modern ciphers are considered "more secure" than old ciphers, because more knowledge went into the new ones than into the old one's. (Just like how the first steak a chef cooks will not be as good as the 1000th steak).

TLS is considered secure, if it only allows good, modern ciphers. Old, bad ciphers can cause problems!

What does it take to attack TLS?

It depends on the ciphers being used. In the absolute worst possible case, this means that TLS is configured with a NULL cipher, meaning that no encryption or authentication is done at all. This shouldn't be accepted by clients anymore today, but if you run a very old and outdated system, it might.

In a more realistic "worst-case", it could be that TLS is configured in a way to use weak ciphers. While these ciphers are not trivial to crack, a sufficiently advanced attacker (think NSA, etc.) can certainly do it. If really weak ciphers are chosen, then even less sophisticated hardware may be necessary.

Should I, as a normal consumer, worry about TLS?

Most likely not! Modern phones and operating systems are configured in a way that they only allow good ciphers. The chance of an attacker being able to crack one of those to sniff your traffic is very, very, very small. It is currently not known if any of the Alphabet Boys (e.g. NSA, etc.) are able to crack any of those ciphers.

On the other hand, if you use Android 2.3 or Windows XP, then it is time to upgrade to something more recent. Aside from the numerous other reasons for switching away from a long obsolete system, these operating systems don't support any modern ciphers. To fit with our analogy, they're like a store that only sells horrible old "meat".

The only time you should worry is when you see errors related to TLS. It is most likely an error on the side of the server you are trying to connect to, but it might also mean someone is trying to spy on you.

  • Great answer, allthough, `It depends on the ciphers being used. In the absolute worst possible case, this means that TLS is configured with an an` something's missing here? – Nomad Oct 08 '19 at 13:48
  • 1
    @Nomad Thank you very much for catching that. I write my answers non-sequentially, often just adding stuff as I think of it. As a result, it might very well be that I forget to finish some parts. –  Oct 08 '19 at 14:26
0

TLS as a protocol is secure.

"Secure" is an answer that can only be answered by you and your Risk Assessment.

TLS is a low-level protocol and uses cryptography and is not for laymen. Use only known good secure cryptography/TLS software libraries and packages.

All(?) failures of TLS are due to implementation methods.

There are many good guides available for "tls best practices"

I personally like the work done by SSLABS and Highly recommend the book Bulletproof SSL and TLS

Always, ALWAYS check your work with diagnostic tools.

schroeder
  • 123,438
  • 55
  • 284
  • 319
jwilleke
  • 221
  • 1
  • 6