[Cryptography] RFC: block cipher randomization

Ray Dillinger bear at sonic.net
Mon Jun 27 18:18:52 EDT 2016



On 06/27/2016 01:41 PM, Vlad wrote:
> Thank you guys for the feedback!
> Special thanks to Ray!
> 

Jerry had a fine point too; any "extra" data sent, if your
correspondent can't check it, is an excellent way for malware to
exfiltrate data.  And malware will exfiltrate stolen data in any way
possible.

Grrf.  Recently dealt with malware exfiltrating data in DNS queries
of all things, where the botmaster was intercepting traffic at the
DNS server using Wireshark. It's a particularly annoying technique,
because *NOBODY* firewalls DNS, most security software ignores DNS, and
a bunch of applications CRASH if you firewall DNS.  Networks with
sensitive contents now need to be running their own DNS servers
in-house and preferably deploying DNSCrypt.

But in this case I think it's a nonissue, because whoever hopes to get
at exfiltrated data has to be able to first decrypt the ciphertext, and
that requires them to have the session key that your *legitimate*
correspondent is using.

With access to the plaintext, it probably isn't necessary to be able to
generate the pseudorandom stream to find the salt/plaintext boundaries;
it's fairly easy to separate interleaved datastreams, especially if one
or both of them has a known format.

				Bear
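
An added example, not part of the original message: one way a defender running an in-house resolver could flag the DNS-query exfiltration mentioned above, by counting distinct long, high-entropy labels that one client queries under one parent domain. The log format, names, addresses, thresholds and the two-label parent-domain heuristic are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client-ip> <queried-name>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 assets-eu-west-1.cdn.example.net
10.0.0.5 a1b2c3d4e5f6g7h8i9j0k1l2m3n4.track.example.org
10.0.0.7 k7mq2xw4hz5tn3bvy6rjc8fdgpls.t.exfil.example
10.0.0.7 p3hd9wq6zr2mk5tbx8vn4cjy7fgs.t.exfil.example
10.0.0.7 zt4nq8bk2wy6hf9mc3xr7dj5vgps.t.exfil.example
"""

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def suspicious_label(label, min_len=24, min_entropy=3.5):
    """Long, random-looking labels are typical of encoded payload chunks."""
    return len(label) >= min_len and entropy(label) >= min_entropy

def flag_exfil(log_text, min_unique=3):
    """Return {(client, parent_domain): n} where n distinct suspicious
    labels were queried under one parent domain by one client."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, name = parts
        labels = name.rstrip(".").lower().split(".")
        # Assumption: parent = last two labels. Production code should use
        # the Public Suffix List to find the registrable domain.
        parent = ".".join(labels[-2:])
        for label in labels[:-2]:
            if suspicious_label(label):
                seen[(client, parent)].add(label)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, parent), n in flag_exfil(SAMPLE_LOG).items():
        print(f"{client} sent {n} encoded-looking labels under {parent}")
```

The single long tracking-style name under example.org is not flagged, because the volume criterion requires several distinct encoded-looking labels per client and parent domain.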
