On Wed, Apr 17, 2002 at 10:01:13PM -0700, Jere Retzer wrote:
> Question -- have there been any documented cases of weak encryption
> leading to significant exploits? I don't mean to belittle the need for
> encryption but I don't see significant exploits actually happening.
> Maybe the right attitude is to say if we did not keep up that we would
> be seeing exploits.

[Jere, your emails would be easier to read if you wrapped your lines at 72 characters. Thanks.]

Yes, there is significant evidence of weak crypto being used for significant exploits. The SSH CRC-32 compensation attack, discovered by Michal Zalewski, is the best known example: http://online.securityfocus.com/bid/2347

This has been rooting boxes for over a year. The CRC-32 compensation was a fix for the initial (stupid) SSH-1 protocol, which used CRC-32 in place of stronger hash functions. Had the SSH-1 protocol used a stronger message authentication code, such as HMAC based on md5 or sha1, none of those problems would have existed, and thousands of machines wouldn't have been rooted so easily. (Of course, the ssh-1 protocol had other problems, such as relying on crypto primitives that were patented in the United States.)

I'm reasonably certain this bug was the one that allowed for trojaned ssh clients (password collectors) to be installed on sourceforge, granting complete access to the attackers for the apache source code when legitimate apache developers logged into the apache site from sourceforge accounts.

Ask the DVD cabal how well they like their CSS encryption scheme being trivially cracked by a 16 year old from Norway. I'm sure they would tell you billions of dollars have been lost as a result of their extremely poor crypto. (Never mind that the crypto was really only intended to require DVD-player manufacturers to belong to the consortium -- as crypto, their 'solution' would never have worked. I'll expand on this if anyone is interested.)

Yeah, bad crypto is exploitable.

(Of course, I agree with Steve's original points, especially: host security is so poor, 40 bit or 128 bit SSL is probably a moot point.)

--
http://immunix.org/
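
Added example, not part of the original message: a Python sketch of why CRC-32 cannot stand in for a message authentication code while HMAC can. It shows only the underlying checksum property, not the SSH-1 attack itself; the messages, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def predicted_crc(crc_of_original: int, delta: bytes) -> int:
    """CRC-32 of (original XOR delta), computed without the original.

    CRC-32 is affine over GF(2): for equal-length a and b,
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(all-zero bytes of that length).
    No secret is involved, so the checksum of a modified message
    follows from the old checksum and the change alone.
    """
    zeros = bytes(len(delta))
    return crc_of_original ^ zlib.crc32(delta) ^ zlib.crc32(zeros)


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 tag, the kind of MAC the message recommends."""
    return hmac.new(key, msg, hashlib.sha1).digest()


def hmac_ok(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time verification of an HMAC tag."""
    return hmac.compare_digest(hmac_tag(key, msg), tag)


def demo():
    # Constructed sample messages of equal length.
    original = b"PAY 0100 TO BOB "
    modified = b"PAY 9100 TO BOB "
    delta = xor_bytes(original, modified)

    # The integrity value for the modified message is predictable
    # from the original CRC and the delta.
    crc_predictable = (
        predicted_crc(zlib.crc32(original), delta) == zlib.crc32(modified)
    )

    # With a keyed MAC the old tag does not verify for the new message.
    key = b"constructed-demo-key"
    tag = hmac_tag(key, original)
    return crc_predictable, hmac_ok(key, original, tag), hmac_ok(key, modified, tag)


if __name__ == "__main__":
    print(demo())
```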