[Cryptography] FREAK attack

Phillip Hallam-Baker phill at hallambaker.com
Wed Mar 4 20:09:18 EST 2015

On Wed, Mar 4, 2015 at 12:18 PM, Jerry Leichter <leichter at lrw.com> wrote:

> Latest attack on SSL, affecting some huge percentage of both servers and
> clients:  https://freakattack.com/
> Remember all those export modes for SSL that we had to live with two
> decades ago?  Well, it turns out they are still present in at least two
> code bases (OpenSSL and Apple's SSL implementation), though they aren't
> offered to the peer.  However, if you MITM the connection and simply tell
> both ends to use export RSA (512 bit=) - due to bad checking, they will.
> Lessons to learn:
> 1.  Modes and choices are bad in crypto protocols.
> 2.  Leaving holes to let "good governments" in will inevitably leave holes
> for others as well.
> 3.  In code, assume nothing ever really goes away.

0. You don't get more security by adding stronger ciphers to a system. You
get more security by stopping use of the weaker ones.

Also, I note that we get one of these events about once a month while CA
issues occur at a much lower rate. Every time there is a CA event there are
people proposing to do away with CAs. But nobody ever seems to come to the
same conclusion about browsers...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150304/4180be92/attachment.html>

More information about the cryptography mailing list