[Cryptography] DROWN attack on SSLv2 enabled servers

ianG iang at iang.org
Sun Mar 6 15:29:24 EST 2016


On 3/03/2016 08:22 am, mok-kong shen wrote:
> Am 03.03.2016 um 04:03 schrieb Salz, Rich:
>>> Paper is at https://www.drownattack.com/drown-attack-paper.pdf
>>
>> Folks also might find this worthwhile:
>> https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
>>
>
> It is in my view remarkable that recently there are so many troubles
> with open-source software that become known one after the other. Of
> course the corresponding ones in closed-source software are by nature
> in the dark. I wonder why the software community in the large and the
> IT-security community in particular seem yet to have no active and
> concrete initiatives to urgently start projects to fundamentally search
> for countermeasures that are effective in practice. Certainly such
> countermeasures would necessarily have non-trivial costs (efficiency
> issues etc.), but I suppose there is no alternative to bearing the
> costs at least for applications whose security is exactly a binary
> variable, i.e. either there is security or there is none at all.
The fundamental systemic problem I believe is that few of the crypto 
projects have a holistic view to upgrade.  Instead, they've preferred to 
travel with the false sirens of algorithm agility.

Yet again, we find that a bug cannot be fixed by utilising algorithmic 
agility - because the breaks are 9:1 or better in the protocol not the 
algorithms.

Then, as the breaks are dominated by protocol breaks, the requirement is 
mass upgrade.  Which needs to be a carefully managed mitigation built 
into the protocol.  In requirements terms, the system must have the 
capability to be upgraded, en masse.

Further, if hypothetically there were a failure in an algorithm (there 
was one once, RC4 I think) the situation is still that a mass upgrade is 
the best solution because it dominates the process.  It is easier or 
should be easier to upgrade than to adjust the algorithm params, and you 
get the latest stuff thrown in at the same time!

Mass upgrade is easier said than done - it's taken years for Microsoft 
and Apple to bed it in.  But it's much harder if you don't face up to it.

iang