[Cryptography] FREAK attack

Peter Fairbrother zenadsl6186 at zen.co.uk
Thu Mar 5 08:58:42 EST 2015


On 04/03/15 17:18, Jerry Leichter wrote:
> Latest attack on SSL, affecting some huge percentage of both servers and clients:  https://freakattack.com/
>
> Remember all those export modes for SSL that we had to live with two decades ago?  Well, it turns out they are still present in at least two code bases (OpenSSL and Apple's SSL implementation), though they aren't offered to the peer.  However, if you MITM the connection and simply tell both ends to use export RSA (512 bit) - due to bad checking, they will.
>
> Lessons to learn:
>
> 1.  Modes and choices are bad in crypto protocols.
> 2.  Leaving holes to let "good governments" in will inevitably leave holes for others as well.
> 3.  In code, assume nothing ever really goes away.


Couldn't agree more :)

To which, add:

4. Occam's razor applies to protocol design too - the simpler it is, the 
fewer points of attack there are.
5. A system that's hard to use doesn't get used. Good user interfaces 
are essential. Users don't RTFM, so don't expect them to.


And we have the beginnings of a modern security software design philosophy.

Any additions?



-- Peter Fairbrother


>
> Not, I'm sure, that anyone on this list needs persuading.  But this needs to be repeated, over and over again, so that even non-crypies - and even non-techies - come to internalize it.
>                                                          -- Jerry
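
The "bad checking" described in the quoted message, as an added example that is not part of the original thread and is not OpenSSL's or Apple's code: a constructed C model of a client that uses a temporary RSA key whenever one arrives, beside a check that ties the key-exchange message to the negotiated suite. All type, function and table names are hypothetical, and the sample handshakes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a client's view of a handshake (hypothetical names). */
enum kx { KX_RSA, KX_RSA_EXPORT };
struct suite { const char *name; enum kx kx; };
struct handshake {
    const struct suite *offered;  /* suites the client sent in ClientHello */
    size_t n_offered;
    struct suite selected;        /* suite named in the ServerHello it received */
    bool temp_rsa_key;            /* a temporary RSA key arrived in ServerKeyExchange */
};

static bool was_offered(const struct handshake *hs)
{
    for (size_t i = 0; i < hs->n_offered; i++)
        if (strcmp(hs->offered[i].name, hs->selected.name) == 0)
            return true;
    return false;
}

/* Bad checking: the suite is validated, but a temporary RSA key is
 * accepted whatever suite was negotiated. */
bool lenient_accepts(const struct handshake *hs)
{
    return was_offered(hs);
}

/* Strict checking: a temporary RSA key is only legal with an export RSA
 * suite, and an export suite is only legal if the client offered it. */
bool strict_accepts(const struct handshake *hs)
{
    if (!was_offered(hs))
        return false;
    if (hs->temp_rsa_key && hs->selected.kx != KX_RSA_EXPORT)
        return false;
    return true;
}

/* Constructed sample: the client offered one non-export RSA suite. */
static const struct suite OFFERED[] = { { "RSA_WITH_AES_128_CBC_SHA", KX_RSA } };

struct handshake sample(bool temp_key)
{
    struct handshake hs = { OFFERED, 1, OFFERED[0], temp_key };
    return hs;
}

int main(void)
{
    struct handshake hs = sample(true);  /* unexpected temporary RSA key */
    printf("lenient=%d strict=%d\n", lenient_accepts(&hs), strict_accepts(&hs));
    return 0;
}
```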


