[Cryptography] DROWN attack on SSLv2 enabled servers
ianG
iang at iang.org
Sun Mar 6 15:29:24 EST 2016
On 3/03/2016 08:22 am, mok-kong shen wrote:
> Am 03.03.2016 um 04:03 schrieb Salz, Rich:
>>> Paper is at https://www.drownattack.com/drown-attack-paper.pdf
>>
>> Folks also might find this worthwhile:
>> https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
>>
>
> It is in my view remarkable that recently there are so many troubles
> with open-source software that become known one after the other. Of
> course the corresponding ones in closed-source software are by nature
> in the dark. I wonder why the software community in the large and the
> IT-security community in particular seem yet to have no active and
> concrete initiatives to urgently start projects to fundamentally search
> for countermeasures that are effective in practice. Certainly such
> countermeasures would necessarily have non-trivial costs (efficiency
> issues etc.), but I suppose there is no alternative to bearing the
> costs at least for applications whose security is exactly a binary
> variable, i.e. either there is security or there is none at all.
The fundamental systemic problem I believe is that few of the crypto
projects have a holistic view to upgrade. Instead, they've preferred to
travel with the false sirens of algorithm agility.
Yet again, we find that a bug cannot be fixed by utilising algorithmic
agility - because the breaks are 9:1 or better in the protocol, not the
algorithms.
Then, as the breaks are dominated by protocol breaks, the requirement is
mass upgrade. Which needs to be a carefully managed mitigation built
into the protocol. In requirements terms, the system must have the
capability to be upgraded, en masse.
Further, if hypothetically there were a failure in an algorithm (there
was one once, RC4 I think) the situation is still that a mass upgrade is
the best solution because it dominates the process. It is easier or
should be easier to upgrade than to adjust the algorithm params, and you
get the latest stuff thrown in at the same time!
Mass upgrade is easier said than done - it's taken years for Microsoft
and Apple to bed it in. But it's much harder if you don't face up to it.
iang