[Cryptography] OPENSSL FREAK

ianG iang at iang.org
Sat Mar 28 18:55:13 EDT 2015


On 28/03/2015 22:02 pm, Tony Arcieri wrote:
> On Sat, Mar 28, 2015 at 2:35 PM, ianG <iang at iang.org> wrote:
>
>     On 28/03/2015 18:05 pm, Tony Arcieri wrote:
>
>         Without cipher agility, you're stuck using the bad ciphers
>         forever until you throw away the protocol and start over.
>
>
>     Yes.  Do that.  Not upgrading the protocol, not starting over is
>     also a bad thing.
>
>
> It's probably a better approach for security, but if you care at all
> about usability, it's practically a nonstarter.


Right, and now we're back to:  how do you switch from one cipher to 
another?  How do you turn off a cipher?

If usability is a concern (and of course it must be) then the user
cannot have any input into this, because asking the user to do anything
to do with crypto is both error-prone and opens up a huge security
weakness - the downgrade attack.

So we're more or less required to consider some form of automatic
upgrade mechanism.  As Apple, Microsoft, etc. have been working on for a
decade now.

In which case, may as well upgrade the whole bloody lot.

From a general life-cycle approach, there are no times or processes or
aspects where algorithm agility plays any real full part.  Certainly it 
plays a checkbox / audit part in that the question "what happens when 
the alg breaks" is answered by "algorithm agility."  But it plays no 
part in real life security, as enjoyed by users.

Fans of algorithm agility need to lay out their life-cycle vision, and 
refer to empirical evidence that it was possible, it happened, it was 
the right thing to do, and it worked.



iang


