Message-ID: <4D6BDF6C.20003@extendedsubset.com>
Date: Mon, 28 Feb 2011 11:46:20 -0600
From: Marsh Ray <marsh@...endedsubset.com>
To: bk <chort0@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, security@...hon.org
Subject: Re: Python ssl handling could be better...


   +1 with a cherry on top!

A cipher is a device for converting a plaintext distribution problem 
into a key distribution problem.

An ephemeral key-agreement protocol (e.g., Diffie-Hellman) is a device 
for converting a key distribution problem into an authentication problem.

Therefore, authentication is primary.

One could say that unauthenticated encryption converts a passive 
eavesdropping attack into an active man-in-the-middle attack.

On 02/27/2011 12:58 PM, bk wrote:
>
> - If you have the ability to sniff unencrypted traffic, you also have
> the ability to hijack unauthenticated HTTPS traffic, it's just that
> simple.

Of the population of people who log in to a computer and try to protect 
information, the percentage of those who have ever used tcpdump or 
Wireshark is very small. Of those who have looked at a packet capture, 
the percentage who have ever experimented with active network attack 
tools is even smaller. Nevertheless, there are off-the-shelf systems 
that will do it at production scale.

Most of us find it much easier to obtain and view a pcap than set up an 
active man-in-the-middle attack scenario. So converting the attacker 
from a passive eavesdropper to an active on-line attacker (who probably 
had to plan ahead a little bit) sure seems like it would represent an 
increase in security.

And maybe it is if you're only defending against the random internet 
malware of today. But it's of little use if you need to be concerned 
about a targeted attack (i.e., you have, know, or are something worth 
defending). Just ask the Iranian government or the Tunisian people.

> - ENCRYPTION IS POINTLESS WITHOUT AUTHENTICATION

Maybe it's even worse than pointless.

1. Insufficiently-authenticated encryption inevitably gives a false 
sense of security.

2. Encryption can cause open vulnerabilities to be hidden to passive 
network monitoring systems.

3. But attackers are not constrained to be passive. Encryption can cause 
active, ongoing attacks to be hidden from monitoring.

Humans, like all living things, have over millions of years evolved 
sophisticated built-in mechanisms for recognizing each other. We have so 
much authentication going on at an automatic level that we find it very 
difficult to judge the magnitude of the task.

This is exactly the type of situation that favors the hackers, 
pentesters, and dictators of countries where the ISPs operate under the 
Ministry of Information.

Let's not make it so easy that it takes all the fun out of it for them.

- Marsh
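
An added example, not part of the original message: a toy Diffie-Hellman exchange run through a relay, showing that an unauthenticated exchange completes normally when an on-path party substitutes the public values, while an authenticated one is rejected by both ends. The group parameters, the `Substituter` and `exchange` names, and the use of an HMAC under a pre-shared key as a stand-in for certificate-based authentication are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy parameters, constructed for illustration; far too small for real use.
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(auth_key, pub):
    # Binds a public value to a key both endpoints already trust.
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

class Substituter:
    """On-path party that replaces each public value with its own."""
    def __init__(self):
        self.priv, self.pub = keypair()
        self.seen = []
    def __call__(self, msg):
        self.seen.append(msg[0])
        return (self.pub, msg[1])   # cannot compute a valid tag without auth_key
    def keys(self):
        return [session_key(self.priv, pub) for pub in self.seen]

def passive(msg):
    return msg

def exchange(relay, auth_key=None):
    """Return (client_key, server_key); None means that side rejected."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    def send(pub):
        return relay((pub, tag(auth_key, pub) if auth_key else None))
    def accept(priv, msg):
        pub, t = msg
        if auth_key and not hmac.compare_digest(t or b"", tag(auth_key, pub)):
            return None
        return session_key(priv, pub)
    to_server, to_client = send(c_pub), send(s_pub)
    return accept(c_priv, to_client), accept(s_priv, to_server)
```

Without `auth_key`, both endpoints derive keys that `Substituter.keys()` also holds, and neither sees an error; with it, both return `None`.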
