[Cryptography] FREAK attack
Phillip Hallam-Baker
phill at hallambaker.com
Wed Mar 4 20:09:18 EST 2015
On Wed, Mar 4, 2015 at 12:18 PM, Jerry Leichter <leichter at lrw.com> wrote:
> Latest attack on SSL, affecting some huge percentage of both servers and
> clients: https://freakattack.com/
>
> Remember all those export modes for SSL that we had to live with two
> decades ago? Well, it turns out they are still present in at least two
> code bases (OpenSSL and Apple's SSL implementation), though they aren't
> offered to the peer. However, if you MITM the connection and simply tell
> both ends to use export RSA (512 bit) - due to bad checking, they will.
>
> Lessons to learn:
>
> 1. Modes and choices are bad in crypto protocols.
> 2. Leaving holes to let "good governments" in will inevitably leave holes
> for others as well.
> 3. In code, assume nothing ever really goes away.
>
0. You don't get more security by adding stronger ciphers to a system. You
get more security by stopping use of the weaker ones.
Also, I note that we get one of these events about once a month while CA
issues occur at a much lower rate. Every time there is a CA event there are
people proposing to do away with CAs. But nobody ever seems to come to the
same conclusion about browsers...
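
Added example, not part of the original post or of either code base it names: a simplified Python model of the client-side checks whose absence the quoted message calls "bad checking". The ServerFlight fields, the 2048-bit floor and the sample handshakes are assumptions constructed for illustration; the suite names are the standard TLS registry names.

```python
from dataclasses import dataclass
from typing import List, Optional

# Export-grade RSA key-exchange suites (TLS registry names).
EXPORT_RSA = {
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
MIN_RSA_BITS = 2048  # assumed local policy floor, not taken from the post


@dataclass
class ServerFlight:
    """What the client sees from the server (hypothetical, simplified)."""
    chosen_suite: str              # suite named in ServerHello
    cert_rsa_bits: int             # RSA key size in the server certificate
    temp_rsa_bits: Optional[int]   # RSA key in ServerKeyExchange, if one was sent


def check_server_flight(offered: List[str], flight: ServerFlight) -> List[str]:
    """Return the reasons to abort the handshake; an empty list means continue."""
    errors = []
    # 1. The server may only select a suite the client actually offered.
    if flight.chosen_suite not in offered:
        errors.append("suite not offered")
    # 2. A temporary RSA key is only legal for RSA_EXPORT suites. A client that
    #    accepts one under a non-export suite lets a weak key through.
    if flight.temp_rsa_bits is not None and flight.chosen_suite not in EXPORT_RSA:
        errors.append("unexpected ServerKeyExchange for non-export RSA suite")
    # 3. The key that will protect the premaster secret must meet the floor.
    effective = flight.cert_rsa_bits if flight.temp_rsa_bits is None else flight.temp_rsa_bits
    if effective < MIN_RSA_BITS:
        errors.append(f"RSA key too small: {effective} bits")
    return errors


# Constructed sample handshakes: the client offers no export suite at all.
OFFERED = ["TLS_RSA_WITH_AES_128_CBC_SHA"]
HONEST = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA", 2048, None)
DOWNGRADED = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA", 2048, 512)
EXPORT_PICKED = ServerFlight("TLS_RSA_EXPORT_WITH_RC4_40_MD5", 2048, 512)

if __name__ == "__main__":
    for name, flight in [("honest", HONEST), ("downgraded", DOWNGRADED),
                         ("export picked", EXPORT_PICKED)]:
        print(name, "->", check_server_flight(OFFERED, flight) or "ok")
```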