[Cryptography] Other obvious issues being ignored?

Watson Ladd watsonbladd at gmail.com
Tue Oct 20 07:41:27 EDT 2015


On Mon, Oct 19, 2015 at 11:00 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Thierry Moreau <thierry.moreau at connotech.com> writes:
>
>>It's a shame that this old issue has been ignored until now!
>>
>>What other "obvious" questions are we ignoring?
>
> Lots and lots and lots, and specifically questions so obvious that they
> shouldn't even need to be asked.  Things like "will your implementation accept
> RSA keys with exponent 1" (many did, until bad publicity forced a fix), "will
> it accept keys known to be insecure twenty years ago?" (ditto), "will it
> accept obviously non-prime primes for public keys?" (ditto), and so on and so
> on.  To quote Bruce, many crypto-using applications are "as insecure as you
> can possibly get away with", because they use crypto and are therefore secure
> by executive fiat rather than actual practice.

Let's remember that the RSA keys are generated by another party. The
protocol can't protect against stupidity of another party, but should
ensure that it isn't possible to affect the security of connections
with other honest parties. That was the real problem with TLS here.

Likewise, checking DH parameters for validity has obvious problems: it
doesn't actually prevent small subgroup confinement unless you ban DSA
style primes. The right solution is to design the protocol so that
isn't required. Protocols can and should reduce the amount of work
necessary to be sure implementations are safe.

> You can't even come up with a checklist for this, because you'd have to ask so
> many questions, and of such boneheaded obviousness, that you couldn't get
> anyone to come up with them all.  In the meantime, people are so busy debating
> whether they can use the Ed209 curve with the Blake7 hash function or not that
> they're missing the fact that the app they want to use it with will happily
> accept the number 15 as a DH prime (yes, there are browsers that did that).
>
> Peter.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
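
Added example, not part of the message above or of the text it quotes: a Python sketch of the two levels of checking the thread discusses, showing that a parameter check rejects 15 as a DH prime yet accepts a DSA-style prime whose group still contains small subgroups, so the peer's value needs a separate check. The function names and the toy values (p = 23, p = 67, q = 11, g = 64, y = 37) are constructed for illustration.

```python
# Added example: constructed toy numbers; real groups use primes of 2048 bits or more.
def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.18 * 10**23."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def check_params(p, g):
    """Parameter-level check, done once per (p, g) received from the peer."""
    if not is_prime(p):
        return "reject: modulus is not prime"
    if not 2 <= g <= p - 2:
        return "reject: generator out of range"
    if is_prime((p - 1) // 2):
        return "ok: safe prime"
    return "ok: prime, but p-1 has other factors"  # DSA-style prime

def check_peer_value(y, p, q=None):
    """Per-exchange check of the peer's public value y.
    q is the prime order of the intended subgroup (assumed known for DSA-style p)."""
    if not 2 <= y <= p - 2:
        return False
    return q is None or pow(y, q, p) == 1

if __name__ == "__main__":
    print(check_params(15, 2))               # composite modulus
    print(check_params(23, 2))               # 23 = 2*11 + 1
    print(check_params(67, 64))              # 67 = 2*3*11 + 1, g has order 11
    print(check_peer_value(37, 67))          # range check only; 37 has order 3
    print(check_peer_value(37, 67, q=11))    # subgroup membership check
    print(check_peer_value(pow(64, 5, 67), 67, q=11))  # value from the order-11 subgroup
```

With p = 67 the parameters pass validation, and only the membership test with q rejects 37; with the safe prime 23 the range check alone leaves only elements of order 11 or 22.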

