Bank transactions on Internet

Suddenly some banks here in Estonia have decided that they must start offering banking services over Internet already during the next months. What worries me is that some of them are talking about using 40-bit SSL as the main security mechanism. What about banks in US and Europe, how many of them are using Internet and WWW to offer their services already? Is it possible to use WWW forms to make real transactions or can you just view your transaction history and account status? In case the banks are using WWW forms and SSL, are the services limited to 128-bit clients? How is the client authentication handled? Does the client just get a plain username and password? I had a look at some banks like Security First National Bank and some others, and it seems that they use just SSL + username/password for their banking services. Does this really work, especially with 40-bit keys? SSL with client certificates would seem a little bit more secure once it is available, but still not secure enough for real banking on Internet. Just curious (and confused), Juri Kaljundi jk@digit.ee

Suddenly some banks here in Estonia have decided that they must start offering banking services over Internet already during the next months. What worries me is that some of them are talking about using 40-bit SSL as the main security mechanism.
That seems very silly. Considering that you folks have no laws preventing you from using better, I would suggest not doing something so foolish -- 40 bit RC4 is almost worthless as a cryptosystem, as the recent paper on key lengths points out. Perry

Suddenly some banks here in Estonia have decided that they must start offering banking services over Internet already during the next months. What worries me is that some of them are talking about using 40-bit SSL as the main security mechanism.
Please point these banks to Apache-SSL (http://www.algroup.co.uk/Apache-SSL/). They can run SSL without using 8-cent RC4.
-- Sameer Parekh
Community ConneXion, Inc.
The Internet Privacy Provider
Voice: 510-601-9777x3 FAX: 510-601-9734 Dialin: 510-658-6376
http://www.c2.net/ (or login as "guest")
sameer@c2.net

On Mon, 8 Apr 1996 sameer@c2.org wrote:
Suddenly some banks here in Estonia have decided that they must start offering banking services over Internet already during the next months. What worries me is that some of them are talking about using 40-bit SSL as the main security mechanism.
Please point these banks to Apache-SSL (http://www.algroup.co.uk/Apache-SSL/). They can run SSL without using 8-cent RC4.
What is the use of a 128-bit server, as there are still no 128-bit WWW clients freely available in Europe? (Workhorse has 128-bit SSL, but the client is still far from perfect). Of course I believe that an SSL server with source code available is still much more secure, as your own consultants can have a look at the code; that's why I personally would rate Apache-SSL higher than commercial applications like Thawte consulting Sioux. Jüri Kaljundi jk@digit.ee

On Apr 8, 2:04pm, Perry E. Metzger wrote:
Subject: Re: Bank transactions on Internet
Suddenly some banks here in Estonia have decided that they must start offering banking services over Internet already during the next months. What worries me is that some of them are talking about using 40-bit SSL as the main security mechanism.
That seems very silly. Considering that you folks have no laws preventing you from using better, I would suggest not doing something so foolish -- 40 bit RC4 is almost worthless as a cryptosystem, as the recent paper on key lengths points out.
Perry -- End of excerpt from Perry E. Metzger
I can verify that Security First Internet Bank uses 40-bit SSL + Username/Password. Their HTTP server also supports 128-bit SSL, however they do not suggest one over the other. I took it upon myself after opening an account with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make transactions over the net and SFNB does not limit you to 128-bit. Is it really that easy to break 40-bit? Don't you need access to a "fair amount of cpu power" to brute force crack 40bit? As far as I know client authentication is strictly username & password. What other authentication system exists?? J.R.Weaver

"JR Weaver" writes:
Is it really that easy to break 40-bit? Don't you need access to a "fair amount of cpu power" to brute force crack 40bit?
The rest of this article is a direct quotation from Blaze et al in the paper they wrote on minimal safe key lengths. Note that they show that it is easy enough to make a cracker that costs eight cents (CENTS!) per solution, and not that hard to get it down to 1/10th of a cent! Full paper at: ftp://ftp.research.att.com/dist/mab/keylength.txt

} There is no need to have the resources of an institution of higher education at hand, however. Anyone with a modicum of computer expertise and a few hundred dollars would be able to attack 40-bit encryption much faster. An FPGA chip --- costing approximately $400 mounted on a card --- would on average recover a 40-bit key in five hours. Assuming the FPGA lasts three years and is used continuously to find keys, the average cost per key is eight cents.
}
} A more determined commercial predator, prepared to spend $10,000 for a set-up with 25 ORCA chips, can find 40-bit keys in an average of 12 minutes, at the same average eight cent cost. Spending more money to buy more chips reduces the time accordingly: $300,000 results in a solution in an average of 24 seconds; $10,000,000 results in an average solution in 0.7 seconds.
}
} As already noted, a corporation with substantial resources can design and commission custom chips that are much faster. By doing this, a company spending $300,000 could find the right 40-bit key in an average of 0.18 seconds at 1/10th of a cent per solution; a larger company or government agency willing to spend $10,000,000 could find the right key on average in 0.005 seconds (again at 1/10th of a cent per solution). (Note that the cost per solution remains constant because we have conservatively assumed constant costs for chip acquisition --- in fact increasing the quantities purchased of a custom chip reduces the average chip cost as the initial design and set-up costs are spread over a greater number of chips.)

On Mon, 8 Apr 1996, Perry E. Metzger wrote:
The rest of this article is a direct quotation from Blaze et al in the paper they wrote on minimal safe key lengths. Note that they show that it is easy enough to make a cracker that costs eight cents (CENTS!) per solution, and not that hard to get it down to 1/10th of a cent!
} There is no need to have the resources of an institution of higher education at hand, however. Anyone with a modicum of computer expertise and a few hundred dollars would be able to attack 40-bit encryption much faster. An FPGA chip --- costing approximately $400 mounted on a card --- would on average recover a 40-bit key in five hours. Assuming the FPGA lasts three years and is used continuously to find keys, the average cost per key is eight cents.
This AT&T Orca or FPGA chip, or whatever the name is, is it a freely available device and how easy would it be to get one? I am not sure I understand what it is, but even in case you would have to write the code to crack RC4 and program the chip yourself, that does not seem a very hard thing to do. What I am asking is if this cracking device would be available to anyone with $400 and some computer knowledge? Jüri Kaljundi jk@digit.ee

This AT&T Orca or FPGA chip, or whatever the name is, is it a freely available device
If you mean "do they sell them commercially" the answer is yes.
What I am asking is if this cracking device would be available to anyone with $400 and some computer knowledge?
You would have to be smart but yes. There are many such devices, by the way. .pm

On Mon, 8 Apr 1996, JR Weaver wrote:
with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make transactions over the net and SFNB does not limit you to 128-bit. Is it really that easy to break 40-bit? Don't you need access to a "fair amount of cpu power" to brute force crack 40bit?
To put it in a word, 'yes'.
As far as I know client authentication is strictly username & password. What other authentication system exists??
This would be a very good system to attack.
Last year during the 'break SSL export' saga, I was able to search 2^39 of the key space mostly using networked workstations that were 486DX50's and sparc 20's. This took 2 weeks and basically I ran for 12 hours each night and no-one at work really knew I was doing this. Well I now have a pentium 100 and they are starting to appear all over the place, they run my code 3 times faster. This now means that someone like me, working in a large software company, if it was fitted out with lots of pentiums, would be able to definitely get your username and password in less than 10 days with basically no-one knowing that this had been done. Hell, I still have my software sitting around, it is automated, it would only take me a month, with no intervention from me until I get the email with the results.

Please remember that I'm not talking about theory. Besides the person working next to me, no-one at work knew I was participating in the brute force breaking attempt. Well this is not totally true, the owner of the SGI with 6 R4400 CPU's noticed that I was using a few of the CPU's but they did not know what the programs were doing :-).

I would say that RC4 40 should not be used if possible, especially to do with anything to do with banking.

eric (just putting in his own 2 certs worth).
-- Eric Young | Signature removed since it was generating
AARNet: eay@mincom.oz.au | more followups than the message contents :-)
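As an added worked example (not part of the thread, nor code from the Blaze et al. paper), here is the arithmetic behind the per-key cost and timing figures Perry quoted, together with the search rate implied by Eric Young's 2^39 run; the same model is then carried to longer keys and to the question of how many bits keep a given budget busy for a chosen time. The $400, 5-hour and 3-year inputs come from the quoted paper; reading "2 weeks of 12-hour nights" as 14 days x 12 hours is an assumption.

```python
"""Brute-force cost model behind the Blaze et al. figures quoted in this
thread (constructed example, not from the paper or any poster). Inputs from
the quoted text: a $400 board-mounted FPGA that recovers a 40-bit key in
5 hours on average and lasts 3 years. Everything else is derived."""
from math import floor, log2

HOURS_PER_YEAR = 365 * 24


def cost_per_key_cents(chip_cost_usd, hours_per_key, lifetime_years):
    """Average cost of one recovered key for a chip that runs continuously
    for its whole lifetime (the paper's 'eight cents per key')."""
    keys_over_lifetime = lifetime_years * HOURS_PER_YEAR / hours_per_key
    return 100.0 * chip_cost_usd / keys_over_lifetime


def average_seconds(budget_usd, chip_cost_usd, hours_per_key, key_bits=40):
    """Mean time to recover one key when the budget buys chips that search
    disjoint parts of the keyspace in parallel. Work doubles per extra bit,
    so hours_per_key (measured at 40 bits) is scaled by 2**(key_bits - 40)."""
    chips = budget_usd // chip_cost_usd
    if chips < 1:
        raise ValueError("budget does not buy a single chip")
    return hours_per_key * 3600 * 2 ** (key_bits - 40) / chips


def keys_per_second(keys_searched, days, hours_per_day):
    """Sustained rate implied by a reported run, e.g. Eric Young's 2**39 keys
    over 2 weeks of 12-hour nights (assumed here to mean 14 days x 12 hours)."""
    return keys_searched / (days * hours_per_day * 3600)


def days_to_search(keys, rate_keys_per_second, hours_per_day=24):
    """Wall-clock days to try `keys` candidates at the given rate when the
    search only runs hours_per_day hours each day."""
    return keys / rate_keys_per_second / (hours_per_day * 3600)


def bits_needed(budget_usd, chip_cost_usd, hours_per_key, target_seconds):
    """Smallest key length whose average recovery time exceeds target_seconds
    for an attacker with this budget (inverse of average_seconds)."""
    chips = budget_usd // chip_cost_usd
    return 40 + floor(log2(target_seconds * chips / (hours_per_key * 3600))) + 1
```

With the paper's inputs this reproduces 8 cents per key, 12 minutes for $10,000, 24 seconds for $300,000 and 0.7 seconds for $10,000,000, and shows the same $10,000 rig needing about 546 days for a 56-bit key; Eric's figures work out to roughly 909,000 keys per second, a full 2^40 search in 28 nights, and 2^39 in under 5 nights on machines 3 times faster.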

Is it really that easy to break 40-bit? Don't you need access to a "fair amount of cpu power" to brute force crack 40bit?
I remember reading a recent paper at this URL: http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii They mentioned a Field Programmable Gate Array (FPGA), specifically a board-mounted AT&T Orca chip available for around $400. They said it could crack a 40-bit key in 5 hours (average). Sounds like anyone with root access on a major internet node could make a significant profit stealing credit card numbers. The FPGA sounds like a very interesting device, with quite a few legitimate uses... Has anyone out there seen one of these? (((cloaked sig file)))
participants (6): Eric Young, JR Weaver, Jüri Kaljundi, Perry E. Metzger, sameer@c2.org, Steve Reid