[Cryptography] FREAK attack
ianG
iang at iang.org
Tue Mar 10 15:24:40 EDT 2015
On 5/03/2015 01:09 am, Phillip Hallam-Baker wrote:
>
>
> On Wed, Mar 4, 2015 at 12:18 PM, Jerry Leichter <leichter at lrw.com> wrote:
>
> Latest attack on SSL, affecting some huge percentage of both servers
> and clients: https://freakattack.com/
>
> Remember all those export modes for SSL that we had to live with two
> decades ago? Well, it turns out they are still present in at least
> two code bases (OpenSSL and Apple's SSL implementation), though they
> aren't offered to the peer. However, if you MITM the connection and
> simply tell both ends to use export RSA (512 bit) - due to bad
> checking, they will.
>
> Lessons to learn:
>
> 1. Modes and choices are bad in crypto protocols.
> 2. Leaving holes to let "good governments" in will inevitably leave
> holes for others as well.
> 3. In code, assume nothing ever really goes away.
>
>
> 0. You don't get more security by adding stronger ciphers to a system.
> You get more security by stopping use of the weaker ones.
This is the part that IETF WGs do not have a handle on.
In the spirit of being positive, perhaps the Security section of all
future RFCs should now include a section on how to take away old
ciphers/modes/suites...?
> Also, I note that we get one of these events about once a month while CA
> issues occur at a much lower rate. Every time there is a CA event there
> are people proposing to do away with CAs. But nobody ever seems to come
> to the same conclusion about browsers...
Don't get me started.... ;)
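The "bad checking" Jerry describes is a client accepting a ServerKeyExchange (carrying a temporary 512-bit RSA key) after negotiating an ordinary, non-export RSA suite. The check below is an added example written for this thread, not code from any of the implementations discussed; the handshake bytes are constructed here and the ServerKeyExchange body is a placeholder, since the message must be rejected before its contents matter. It also shows lesson 0 in code: an export suite in the ServerHello is refused outright rather than "supported but not offered".

```python
# Added example, not code from the thread: the client-side check whose absence
# made FREAK possible, exercised against constructed TLS 1.0 handshake bytes.
# Suite IDs are the registered TLS values; the lists are deliberately partial.
RSA_EXPORT_SUITES = {0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
                     0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
                     0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}
RSA_SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
              0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE = 2, 11, 12, 14

def hs(htype, body):
    """Encode one handshake message: 1-byte type, 3-byte length, body."""
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

def server_hello(suite):
    """Minimal ServerHello: version, 32-byte random, empty session id, suite, null compression."""
    return hs(SERVER_HELLO, b"\x03\x01" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00")

def handshake_messages(buf):
    """Split a handshake payload into (type, body) pairs."""
    out = []
    while buf:
        length = int.from_bytes(buf[1:4], "big")
        out.append((buf[0], buf[4:4 + length]))
        buf = buf[4 + length:]
    return out

def check_server_flight(buf):
    """Return (accept, reason) for the server's first flight, as a client should.
    A ServerKeyExchange is only legitimate for export-RSA and (EC)DHE suites;
    under a plain RSA suite it can only be an injected temporary key."""
    suite = None
    for htype, body in handshake_messages(buf):
        if htype == SERVER_HELLO:
            sid_len = body[34]
            suite = int.from_bytes(body[35 + sid_len:37 + sid_len], "big")
            if suite in RSA_EXPORT_SUITES:       # lesson 0: refuse the weak suite outright
                return False, "export suite negotiated: " + RSA_EXPORT_SUITES[suite]
        elif htype == SERVER_KEY_EXCHANGE and suite in RSA_SUITES:
            return False, "ServerKeyExchange under " + RSA_SUITES[suite]
    return True, "ok"

# Constructed flights (placeholder bodies): a normal RSA handshake, the FREAK
# pattern (RSA suite plus a ServerKeyExchange), and a negotiated export suite.
NORMAL = server_hello(0x002F) + hs(CERTIFICATE, b"<cert>") + hs(SERVER_HELLO_DONE, b"")
FREAK = (server_hello(0x002F) + hs(CERTIFICATE, b"<cert>")
         + hs(SERVER_KEY_EXCHANGE, b"<512-bit rsa modulus, exponent, signature>")
         + hs(SERVER_HELLO_DONE, b""))
EXPORT = server_hello(0x0003) + hs(CERTIFICATE, b"<cert>") + hs(SERVER_HELLO_DONE, b"")

if __name__ == "__main__":
    for name, flight in ("normal", NORMAL), ("freak", FREAK), ("export", EXPORT):
        print(name, check_server_flight(flight))
```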