0

My bank's website uses HTTPS with the cipher suite ssl_rsa_with_rc4_128_md5.

What are the known weaknesses of this suite? Do they have a practical impact for banking-related communications?

Gilles 'SO- stop being evil'
  • 20,442
  • 4
  • 54
  • 97
nwaf
  • 19
  • 1
  • 2

1 Answers1

5

In a purist cryptographic sense, there are many vulnerabilities in this cipher suite that can be (theoretically and practically) exploited. There are much stronger versions of SSL/TLS, and much stronger cipher suites that could be used.

In a practical sense, it's not the end of the world - there are far worse cipher suites (e.g. those using intentionally weaked 'export' encryption, or weak ciphers such as DES), and you probably have more to fear from malware/phishing attacks etc. wrt interacting with your bank than from someone targeting your SSL connection.

Bear in mind that the cipher suite being used is what the bank web server chose to use based on the cipher suites your web browser told it could be used - if your browser is configured to disable TLS 1.0/1.1 for example, this may be the best the server could manage (although from the use of MD5, this appears unlikely).

If you're interested in the detail, then looking at each of the parts of ssl_rsa_with_rc4_128_md5 individually:

  • ssl - this indicates your site is using SSL, probably SSL 3.0. This is the older, and less secure version of TLS. Most web browsers now support TLS 1.0, 1.1 and 1.2, but only the most recent versions actually enable higher than TLS 1.0 by default.
  • rsa - this indicates the use of RSA for the key exchange/key agreement protocol. There's probably nothing to worry about here, although the use of RSA here uses the same private key every time you communicate with the site, so anyone who can record the encrypted traffic and at a later date steal the banks private key could decrypt the traffic.
  • rc4 - this indicates that the RC4 cipher is being used to encrypt traffic to and from your website. RC4 is considered broken (or at least suspect) for most uses, and 'practical' attacks have been demonstrated against it's use in SSL/TLS. 'Practical' in this sense still involves a fair amount of work on the part of the attacker, and you'd have to be a high value target to make that worth it. RC4 is still very commonly used in SSL/TLS, as it is immune to other attacks (such as the BEAST attack) that affect other ciphers.
  • 128 - this indicates 128 bit encryption keys are being used. This is a good key size for most applications, and nothing to worry about.
  • md5 - this indicates the use of the MD5 hash algorithm to perform functions like deriving keys and authenticating messages in the SSL protocol. MD5 is considered broken as a cryptographic hash function, but it's use in SSL is either in combination with SHA1 (another suspect, but stronger hash function) or in an HMAC like construction, which makes attacking it a lot more difficult.

Most of these issues are in the walk, don't run, to the exit category (the use of MD5 being probably the most concerning issue) - it would be prudent for your bank (and you) to start using more modern cipher suites to protect traffic.

Community
  • 1
archie
  • 1,998
  • 17
  • 28