[Cryptography] FREAK attack

ianG iang at iang.org
Tue Mar 10 15:24:40 EDT 2015

On 5/03/2015 01:09 am, Phillip Hallam-Baker wrote:
> On Wed, Mar 4, 2015 at 12:18 PM, Jerry Leichter <leichter at lrw.com> wrote:
>     Latest attack on SSL, affecting some huge percentage of both servers
>     and clients: https://freakattack.com/
>     Remember all those export modes for SSL that we had to live with two
>     decades ago?  Well, it turns out they are still present in at least
>     two code bases (OpenSSL and Apple's SSL implementation), though they
>     aren't offered to the peer.  However, if you MITM the connection and
>     simply tell both ends to use export RSA (512 bit) - due to bad
>     checking, they will.
>     Lessons to learn:
>     1.  Modes and choices are bad in crypto protocols.
>     2.  Leaving holes to let "good governments" in will inevitably leave
>     holes for others as well.
>     3.  In code, assume nothing ever really goes away.
> 0. You don't get more security by adding stronger ciphers to a system.
> You get more security by stopping use of the weaker ones.

This is the part that IETF WGs do not have a handle on.

In the spirit of being positive perhaps the Security section of all 
future RFCs should now include a section on how to take away old 
ciphers/modes/suites... ?

> Also, I note that we get one of these events about once a month while CA
> issues occur at a much lower rate. Every time there is a CA event there
> are people proposing to do away with CAs. But nobody ever seems to come
> to the same conclusion about browsers...

Don't get me started.... ;)
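The downgrade Jerry describes above, and the "stop using the weaker ones" point, reduce to two client-side checks that were missing: never offer export suites, and never accept an RSA key exchange the negotiated suite does not call for. The following is an added illustration written for this archive page, not code from the thread, OpenSSL or any TLS library; the suite names are standard IANA identifiers, the offered lists and key sizes are constructed, and `check_key_exchange`, `filter_offered` and `DowngradeError` are names chosen here.

```python
"""Defender-side model of the FREAK downgrade checks (constructed example).

The bug being modelled: a client offers only non-export RSA suites, the
server replies with such a suite, then sends a ServerKeyExchange carrying
a 512-bit "export" RSA key, and the client uses it. A correct client rejects
that message outright, because static-RSA suites never carry one.
Only plain RSA key exchange is modelled; DHE/ECDHE suites legitimately send
a ServerKeyExchange with other parameters and are out of scope here.
"""
import re

# IANA-style suite names; "_EXPORT_" / "_EXPORT1024_" mark the 40/56-bit era.
EXPORT_SUITE = re.compile(r"_EXPORT(1024)?_")
STATIC_RSA = re.compile(r"^TLS_RSA_WITH_")
MIN_RSA_BITS = 2048  # assumed local policy floor, not a protocol constant


class DowngradeError(ValueError):
    """Raised when the server's choices would weaken the negotiated exchange."""


def is_export_suite(suite: str) -> bool:
    return bool(EXPORT_SUITE.search(suite))


def filter_offered(suites):
    """Lesson 0 from the thread: drop weak suites from the ClientHello rather
    than relying on the server to avoid them."""
    return [s for s in suites if not is_export_suite(s)]


def check_key_exchange(offered, chosen, ske_rsa_bits=None):
    """Validate the server's cipher choice and its key-exchange message.

    offered      -- suites the client actually sent
    chosen       -- suite named in the ServerHello
    ske_rsa_bits -- modulus size of an RSA key in a ServerKeyExchange message,
                    or None if the server sent no such message
    Returns True when the handshake may proceed, else raises DowngradeError.
    """
    if chosen not in offered:
        raise DowngradeError(f"server chose {chosen}, which was never offered")
    if is_export_suite(chosen):
        raise DowngradeError(f"export suite {chosen} is not acceptable")
    if STATIC_RSA.match(chosen) and ske_rsa_bits is not None:
        # The FREAK check: a non-export RSA suite has no ServerKeyExchange.
        raise DowngradeError(
            f"unexpected ServerKeyExchange ({ske_rsa_bits}-bit RSA) for {chosen}")
    if ske_rsa_bits is not None and ske_rsa_bits < MIN_RSA_BITS:
        raise DowngradeError(f"{ske_rsa_bits}-bit RSA is below policy floor")
    return True


def run_demo():
    """Exercise the checks on constructed handshakes; returns outcome strings."""
    raw = [
        "TLS_RSA_EXPORT_WITH_RC4_40_MD5",        # legacy export suite
        "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",     # legacy export suite
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ]
    offered = filter_offered(raw)
    results = {}
    cases = {
        "honest":    ("TLS_RSA_WITH_AES_128_CBC_SHA", None),
        "freak":     ("TLS_RSA_WITH_AES_128_CBC_SHA", 512),   # injected export key
        "unoffered": ("TLS_RSA_EXPORT_WITH_RC4_40_MD5", 512),
    }
    for name, (chosen, bits) in cases.items():
        try:
            check_key_exchange(offered, chosen, bits)
            results[name] = "accepted"
        except DowngradeError as e:
            results[name] = f"rejected: {e}"
    return offered, results


if __name__ == "__main__":
    offered, results = run_demo()
    print("offered:", offered)
    for k, v in results.items():
        print(f"{k:10} {v}")
```

The "freak" case is the one the thread is about: the suite the server names is perfectly strong, so a check that only inspects the chosen suite passes it; the defect is accepting a key-exchange message that suite does not permit.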
