[Cryptography] On those spoofed domain names...

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Mar 10 22:27:18 EST 2018


Ray Dillinger <bear at sonic.net> writes:

>We've beaten up on the Unicode committee so often, on this list, for the
>lookalike characters that mislead humans, and the alternate encodings that
>break hashes, and the alternate codepoint sequences for the same character
>that screw with any search for substrings, and .... it just goes on and on.

A general comment on this, these sorts of things are often only a problem if
you're relying on blacklists for security.  I know the PKI community pretty
much lives by blacklists as a security mechanism, but for everyone else the
problems can be avoided through the simple dictum _don't_ _use_ _blacklists_.
Using Unicode tricks to evade them is just one of a zillion instances where
they fail.  If your name check is a binary 
"compare( commonName, ASCII( "www.ca.com" ) )" then one and only one name will
match.  If it's a vague "anything sort-of-OK is allowed except perhaps for
this shortlist of banned names" then you're always going to get spoofed.

My code ignores punycode.  One and only one name will ever match for
"www.ca.com", not a whole universe of lookalike names.  Even if the CA encodes
it in UTF-8 or UCS2/UCS16, "www.{cyrillic-s}a.com" still won't match
"www.ca.com".

>And this, in my estimation, is a big design failure on the part of the Unicode
>committee.

I don't think this is the Unicode community's fault.  Their job is to figure
out how to encode glyphs, not to determine whether the visual Hamming distance
between glyph A and glyph B makes it unworthy of a codepoint.  It's entirely
the security software's fault if it enables this type of spoofing. 

I'm actually rather shocked there's still a browser that's vulnerable to this
after all this time.  Krebs did point out that none of the major browsers, IE,
Edge, Chrome, or Safari, are vulnerable; I guess it's the also-rans around the
edges that are viable targets.  Interestingly, I've tried a few mobile
browsers, including Chinese ones that you'd expect would go with punycode, and
none of them appear vulnerable.

Peter.
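The exact-match versus blacklist contrast above, as an added example that is not Peter's code or any cryptlib code.  The expected name, the sample presented names and the deliberately short CONFUSABLES table are all constructed for illustration; the blacklist function is a straw man of the "anything sort-of-OK is allowed except this shortlist" check, not a real implementation from any browser or library.

```python
"""Whitelist (byte-exact) vs blacklist (confusable-filter) hostname checks.

Added example, not from the original post.  All names and the
CONFUSABLES table below are constructed for illustration.
"""
import unicodedata

# The one and only name the client is willing to accept, as raw ASCII bytes.
EXPECTED = b"www.ca.com"


def exact_name_match(presented: bytes, expected: bytes = EXPECTED) -> bool:
    """Whitelist approach: compare the name exactly as it appears in the
    certificate against an ASCII literal.  A UTF-8 lookalike, a Punycode
    (xn--) form or any normalised variant simply has different bytes and
    fails to match.  No list of banned characters is needed."""
    return presented == expected


# Deliberately incomplete list of lookalikes (Cyrillic es, a, o) mapped back
# to Latin.  Every blacklist is incomplete by construction; this one is just
# honest about it.
CONFUSABLES = {"\u0441": "c", "\u0430": "a", "\u043e": "o"}


def blacklist_name_match(presented: str, expected: str = "www.ca.com") -> bool:
    """Blacklist approach: reject names containing a listed lookalike, then
    accept anything that is 'sort of' the expected name after compatibility
    normalisation.  Shows how a character missing from the list walks
    straight through."""
    cleaned = "".join(CONFUSABLES.get(ch, ch) for ch in presented)
    if cleaned != presented:
        return False  # a listed lookalike was present
    return unicodedata.normalize("NFKC", cleaned).lower() == expected


def demo() -> dict:
    """Run both checks over constructed sample names and return the verdicts."""
    latin = "www.ca.com"
    cyrillic = "www.\u0441a.com"    # 'c' replaced by CYRILLIC SMALL LETTER ES
    fullwidth = "www.\uff43a.com"   # 'c' replaced by FULLWIDTH LATIN SMALL LETTER C
    return {
        "exact/ascii": exact_name_match(latin.encode("ascii")),
        "exact/cyrillic-utf8": exact_name_match(cyrillic.encode("utf-8")),
        "exact/cyrillic-punycode": exact_name_match(cyrillic.encode("idna")),
        "exact/fullwidth-utf8": exact_name_match(fullwidth.encode("utf-8")),
        "blacklist/ascii": blacklist_name_match(latin),
        "blacklist/cyrillic": blacklist_name_match(cyrillic),
        # Not on the list, NFKC folds it to plain 'c': the spoof is accepted.
        "blacklist/fullwidth": blacklist_name_match(fullwidth),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {'MATCH' if verdict else 'reject'}")
```

The byte-exact check rejects every variant, including the Punycode form Python derives for the Cyrillic name, without knowing anything about Unicode.  The blacklist check correctly catches the Cyrillic es it was told about and then accepts the fullwidth c it was not told about, which is the failure mode the post describes.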