Is SSL safe?
Czech security researchers this week claimed to have uncovered weaknesses in SSL that might permit crackers to decypher transmissions over supposedly secure links.
However, independent cryptography experts, who are studying a paper from Czech security outfit ICZ, are yet to verify the risk is real and as serious as ICZ suggests - so the research needs to be treated with caution.
A press release issued on behalf of Czech cryptologists Vlastimil Klíma and Tomá? Rosa, both of ICZ, and Ondrej Pokorný, paints a picture of severe problems with the SSL protocol. It states:
The weakness identified by the cryptologists makes it possible to attack the SSL/TLS (Secure Sockets Layer and Transport Layer Security) protocols used as a cryptographic protection of a majority of electronic transactions, such as on-line purchases and e-banking, and, in some cases, a secured transmission of e-mails as well.
[ Read more ]