-3

Since SSL can be decrypted easily using a basic man in the middle node, whats the reason to continue using it? Don't most ISPs decrypt on a daily basis using Deep Packet Inspection? And isn't it possible to put a MITM node at any hop along the packet route (not just ISP) to decrypt therefore making SSL completely unsecure.

Matt B
  • 99
  • 1
  • 1
  • 8
  • 2
    This is wrong. You can't just "add a MITM node" to decrypt SSL, otherwise - as you stated - it would be of zero use. Check this link for example: http://stackoverflow.com/questions/14907581/ssl-and-man-in-the-middle-misunderstanding – Lenniey Apr 04 '17 at 14:10
  • 1
    SSL underpins most security on the WEB today, SSL cannot be easily decrypted using a Man in the Middle attack. – Michael Brown Apr 04 '17 at 14:13
  • 2
    I don't think MITM attack can be carried out as easily as you say, see @Lenniey's comment and the Q&A he links to. The fact that it is *possible* to crack in some cases does not mean it *will* be cracked. You should at least *attempt* to use SSL as it does provide additional security and learn about possible pitfalls and how to avoid them. Browsers will warn users about some dangers, and when decryption and reencryption occurs, it is often possible to detect it at least. – simlev Apr 04 '17 at 14:16
  • 3
    You can 'decrpyt' it this way, but the certificate would not be trusted, as it would not belong to the source, but rather signed by the MITM. Signing it with the original would require the MITM to have the private key of the source. – mzhaase Apr 04 '17 at 14:16

2 Answers2

1

Since SSL can be decrypted easily using a basic man in the middle node,

Depends a bit on what you mean. The latest version of SSL, SSLv3 has serious vulnerabilities, like POODLE which you may be thinking of. The current version of the protocol is TLS 1.2, but even though the name changed in 1999 it's still often called SSL. We should really stop doing that and use the proper name.

With current versions and proper configuration, an MitM attack isn't that easy. The certificates are there so that the user (or their software) can identify the remote end. In addition to intercepting the connection, you'd need a valid certificate, trusted by the software. Of course, with the CA infrastructure being what it is, any CA can create one. Until they are removed from the trusted lists, that is. Luckily, there are developments on this, such as certificate pinning etc.

whats the reason to continue using it?

For SSLv3, absolutely no reason. For TLS 1.2, it's the best we have.

Don't most ISPs decrypt on a daily basis using Deep Packet Inspection?

That would likely be illegal in many jurisdictions.

ilkkachu
  • 306
  • 1
  • 8
  • So if TLS 1.2 is secure, how does deep packet inspection on TLS packets work as I know its possible as I have seen it myself.. Or am I just getting confused with SSL still? – Matt B Apr 12 '17 at 15:01
0

Besides the obvious reason why you should use an SSL to protect your website visitors data, it has other benefits. It is said that having an SSL certificate boosts your SEO, in fact Google announced that it will begin to give a ranking boost to SSL-secured websites. SSL also protects against phishing. Phishing e-mails usually contain a link to the criminals website, by impersonating your website. When your using SSL it’s practically impossible for them to impersonate your site perfectly. SSL also gives your webshop trust indicators, such as HTTPS and, if you have an EV certificate, a green address bar.

SSL decryption is done to get visibility of encrypted traffic so that you can detect malware, prevent data loss, monitor applications and more. It's not easily done, you can only decrypt SSL traffic if you have the certificate. So only the owner of the site can do it, or someone who steals the certificate and you will need specialized equipment for that, for example Ixia's SecureStack.

Oron Zimmer
  • 154
  • 4