Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSL, CAs and keeping your stuff safe
Search
Armin Ronacher
May 10, 2014
Programming
7
1k
SSL, CAs and keeping your stuff safe
A capitalistic and system conformant talk about encryption.
Armin Ronacher
May 10, 2014
Tweet
Share
More Decks by Armin Ronacher
See All by Armin Ronacher
Agentic Coding: The Future of Software Development with Agents
mitsuhiko
0
330
Do Dumb Things
mitsuhiko
0
740
No Assumptions
mitsuhiko
0
260
The Complexity Genie
mitsuhiko
0
250
The Catch in Rye: Seeding Change and Lessons Learned
mitsuhiko
0
360
Runtime Objects in Rust
mitsuhiko
0
360
Rust at Sentry
mitsuhiko
0
510
Overcoming Variable Payloads to Optimize for Performance
mitsuhiko
0
230
Rust API Design Learnings
mitsuhiko
0
590
Other Decks in Programming
See All in Programming
Back to the Future: Let me tell you about the ACP protocol
terhechte
0
130
Playwrightはどのようにクロスブラウザをサポートしているのか
yotahada3
7
2.3k
SpecKitでどこまでできる? コストはどれくらい?
leveragestech
0
510
Go Conference 2025: Goで体感するMultipath TCP ― Go 1.24 時代の MPTCP Listener を理解する
takehaya
7
1.6k
エンジニアとして高みを目指す、 利益を生み出す設計の考え方 / design-for-profit
minodriven
23
12k
CI_CD「健康診断」のススメ。現場でのボトルネック特定から、健康診断を通じた組織的な改善手法
teamlab
PRO
0
180
そのpreloadは必要?見過ごされたpreloadが技術的負債として爆発した日
mugitti9
2
3k
タスクの特性や不確実性に応じた最適な作業スタイルの選択(ペアプロ・モブプロ・ソロプロ)と実践 / Optimal Work Style Selection: Pair, Mob, or Solo Programming.
honyanya
3
140
開発生産性を上げるための生成AI活用術
starfish719
1
170
overlayPreferenceValue で実現する ピュア SwiftUI な AdMob ネイティブ広告
uhucream
0
110
Reduxモダナイズ 〜コードのモダン化を通して、将来のライブラリ移行に備える〜
pvcresin
2
680
Web Components で実現する Hotwire とフロントエンドフレームワークの橋渡し / Bridging with Web Components
da1chi
3
1.7k
Featured
See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
Code Review Best Practice
trishagee
72
19k
Balancing Empowerment & Direction
lara
4
680
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Music & Morning Musume
bryan
46
6.8k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
Building Adaptive Systems
keathley
43
2.8k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.2k
We Have a Design System, Now What?
morganepeng
53
7.8k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
Reflections from 52 weeks, 52 projects
jeffersonlam
352
21k
Transcript
SSL, CAs and keeping your stuff safe BQSFTFOUBUJPOCZBSNJOSPOBDIFSGPSQZHSVOO http://lucumr.pocoo.org/ —
@mitsuhiko
SSL, CAs and keeping your stuff safe BQSFTFOUBUJPOCZBSNJOSPOBDIFSGPSQZHSVOO http://lucumr.pocoo.org/ —
@mitsuhiko a capitalistic and system conformant talk about encryption
Armin Ronacher Independent Contractor for Splash Damage / Fireteam Doing
Online Infrastructure for Computer Games
… The Problem with Programmers ~ Epilogue ~
Programmers think everything is a technical problem
Fraud ~ Chapter 1 ~
XXXX-XXXX-XXXX-1234 What is the worst that can happen?
What makes Credit Card Numbers “secure”?
theft ere will always be criminals
prevented But what damage can they do?
Bitcoin A Credit Card Strong Encryption Potentially No Encryption 256
bit private key 16 digit number + checksum decentralized centralized √ x
But I'd rather lose my credit card …
Never
LOL
We Accept Stolen Creditcards
e Protocol e Process is insecure is secure
If the aud percentage is smaller than the transaction fees
we're all good.
It's too easy to forget the bigger picture
of Lock Symbols and Encryption ~ Chapter 2 ~
the lock symbol is a lie
the lock stands for secure
but so is encryption 8 7
such security
such buzzwords CRIME BEAST Heartbleed BREACH PFS
users need to understand how to keep good om bad
lock symbols / good om bad encryption. = -
but even developers are not sure yet …
remember why you encrypt (NSA
Why do we Encrypt Traffic? ~ Chapter 3 ~
None
public WiFi the unencrypted browser session kilLed
? Who is the Attacker?
om secret agents to idiots
om targeted to untargeted
om low to high probability
What You Need for Encryption ~ Chapter 4 ~
passive vs active eavesdropping encryption authentication
$ ssh pocoo.org The authenticity of host 'pocoo.org (148.251.50.164)' can't
be established. RSA key fingerprint is 14:23:83:02:45:f9:9c:d0:eb:39:c7:14:42:f5:9f:9c. Are you sure you want to continue connecting (yes/no)?
your user does not check ngerprints (your
e Certificate Authorities thus:
CAs are worthless for securing APIs let it be known
that
Protecting APIs and Services ~ Chapter 5 ~ (non
The Only Rule to Follow
run your own CA issue certi cates for 24 hours
trust your own CA only screw re ocations
You trust your own CA by distributing the certi cate
to everybody.
If your root gets compromised, distribute new root certi cates.
If an individual key gets compromised, in less than 24
hours everything is ne.
from requests import get resp = get('https://api.yourserver.com/', verify='your/certificate.bundle')
“But my awesome AntiVirus says your certi cate is not
trusted.” — Windows User
Certificate Authorities Again ~ Chapter 6 ~
Hardly news: CAs are Broken
But why are the broken?
I Trust “TÜRKTRUST Elektronik Serti ka Hizmet Sağlayıcısı” to ouch
for the identity of any domain on the planet. Trusting a CA:
trusting half the world: one shitty employee in one shitty
CA is enough to break your security.
I Trust “Comodo” to ouch for the identity of “Foo
Owner” foo.com. I only trust “Foo Owner” to ouch for the identity of api.foo.com What we actually want:
if you have seen google.com being from Verisign and all
the sudden google.com becomes a StartSSL certificate you know something might be wrong.
Soon: Certificate Pinning?
Frack OpenSSL and Question “Best Practices” ~ Chapter 7 ~
Self-Signed Certificates are not bad. Just in browsers.
Never. Ever. Look at OpenSSL's Source.
OpenSSL's "patches" are even worse: Apple's OpenSSL always trusts system
store :-/
Requests by default trusts it's own bundle :-/ (And does
not even properly document how to use custom ones)
With Heartbleed SSL was less secure than no SSL :-/
Growing SSL ~ Chapter 8 ~
Credit Cards were made for thousands of people Certificate Authorities
were made for hundreds of sites
OpenSSL was probably improperly audited
See “OpenSSL Valhalla Rampage” :-( “i give up. reuse problem
is unixable. dlg says puppet crashes” — tedu
Plan for Failure ~ Chapter 9 ~
what
what happens to your user if he gets hacked? (food
for thought: keyloggers are still a thing)
what happens to your data
what happens to your company
encryption is hardened security it must not be your only
defense
? Feel Free To Ask Questions Talk slides will be
online on lucumr.pocoo.org/talks You can find me on Twitter: @mitsuhiko And gittip: gittip.com/mitsuhiko Or hire me:
[email protected]