On Thursday 18 April 2002 11:46 pm, Toby wrote: > Seth Arnold writes: > > On Wed, Apr 17, 2002 at 10:01:13PM -0700, Jere Retzer wrote: > > > Question -- have there been any documented cases of weak encryption > > > leading to significant exploits? I don't mean to belittle the need for > > > encryption but I don't see significant exploits actually happening. > > > Maybe the right attitude is to say if we did not keep up that we would > > > be seeing exploits. > > > > [Jere, your emails would be easier to read if you wrapped your lines at > > 72 characters. Thanks.] > > > > Yes, there is significant evidence of weak crypto being used for > > significant exploits. > > > > The SSH CRC-32 compensation attack, discovered by Michal Zalewski, is > > the best known example: > > http://online.securityfocus.com/bid/2347 > > This has been rooting boxes for over a year. > > I need to take issue with the reference to the CRC-32 attack. That is not > an attack against bad crypto. That is an attack against bad programming. > The DVD reference is more appropriate, as would be a number of the attacks > that are available against WEP40 and WEP128. There are also cases where use of crypto was totally irrelevant to the security of the information involved. In the Windows 95 registration, they had a little "feature" that would check your harddrive for certain installed software titles and send that information off with your completed registration. The database of these titles was encrypted. The person who figured out what they were looking for did not need to break the encryption. He just wrote a VxD that looked for accesses to the drive. The list of directories searched for gave him a complete list of the content of the encrypted file. (Or at least, all that mattered.) As for DVD security: The DVD encryption scheme has a keylength that is only 24 bits effectivly. (They don't use all bits of the key!) Instead of using something that people knew was strong, they came up with their own home brew cypher. Security by obscurity was not much help in this case. Current players for Unix that bypass the key do not have a list of pre-cracked keys. They decrypt them on a disc by disc basis. On a p-III 600, this takes maybe a minute for all keys on the disc. (One for each .vob file.) Not all DVD discs in the US are encrypted. The discs from the major studios are, but many from the non-major studios are not. (I am willing to bet you have to pay for the technology to encrypt the discs and it does nothing to stop DVD pirates.) I have one disc that even brags that it has no encryption or Macrovision on the DVD. ("Elephant Parts" by Michael Neismith.)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:41:18 PDT