[Cryptography] OPENSSL FREAK
iang at iang.org
Sat Mar 28 18:55:13 EDT 2015
On 28/03/2015 22:02 pm, Tony Arcieri wrote:
> On Sat, Mar 28, 2015 at 2:35 PM, ianG <iang at iang.org> wrote:
>> On 28/03/2015 18:05 pm, Tony Arcieri wrote:
>>> Without cipher agility, you're stuck using the bad ciphers forever until
>>> you throw away the protocol and start over.
>> Yes. Do that. Not upgrading the protocol, not starting over is
>> also a bad thing.
> It's probably a better approach for security, but if you care at all
> about usability, it's practically a nonstarter.
Right, and now we're back to: how do you switch from one cipher to
another? How do you turn off a cipher?

If usability is a concern (and of course it must be) then the user
cannot have any input into this, because asking the user to do anything
to do with crypto is both error prone and opens up a huge security
weakness - the downgrade attack.

So we're more or less required to consider some form of automatic
upgrade mechanism. As Apple, Microsoft, etc have been working on for a

In which case, may as well upgrade the whole bloody lot.

From a general life-cycle approach, there are no times or processes or
aspects where algorithm agility plays any real full part. Certainly it
plays a checkbox / audit part in that the question "what happens when
the alg breaks" is answered by "algorithm agility." But it plays no
part in real life security, as enjoyed by users.

Fans of algorithm agility need to lay out their life-cycle vision, and
refer to empirical evidence that it was possible, it happened, it was
the right thing to do, and it worked.