[Cryptography] Points of compromise

Phillip Hallam-Baker hallam at gmail.com
Sun Sep 8 13:53:49 EDT 2013

I was asked to provide a list of potential points of compromise by a
concerned party. I list the following so far as possible/likely:

1) Certificate Authorities

Traditionally the major concern (perhaps to the point of distraction from
other more serious ones). Main caveat, CA compromises leave permanent
visible traces as recent experience shows and there are many eyes looking.
Even if Google was compromised I can't believe Ben Laurie and Adam Langley
are proposing CT in bad faith.

2) Covert channel in Cryptographic accelerator hardware.

It is possible that cryptographic accelerators have covert channels leaking
the private key through TLS (packet alignment, field ordering, timing,
etc.) or in key generation (kleptography of the RSA modulus a la Motti

3) Cryptanalytic attack on one or more symmetric algorithms.

I can well believe that RC4 is bust and that there is enough RC4 activity
going on to make cryptanalysis worth while. The idea that AES is
compromised seems very less likely to me.

4) Protocol vulnerability introduced intentionally through IETF

I find this rather unlikely to be a direct action since there are few
places where the spec could be changed to advantage an attacker and only
the editors would have the control necessary to introduce text and there
are many eyes.

5) Protocol vulnerability that IETF might have fixed but was discouraged
from fixing.

Oh more times than I can count. And I would not discount the possibility
that there would be strategies based exploiting on the natural suspicion
surrounding security matters. It would have been easy for a faction to
derail DNSSEC by feeding the WG chair's existing hostility to CAs telling
him to stand firm.

One concern here is that this will fuel the attempt to bring IETF under
control of the ITU and Russia, China, etc.

Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130908/5d7532f6/attachment.html>

More information about the cryptography mailing list