On Nov 8, 2009, at 7:45 PM, Thorsten Holz wrote:
> ...There are several approaches to stop (or at least make it more
> difficult) this attack vector. A prototype of a system that
> implements the techniques described in your blog posting was
> presented by IBM Zurich about a year ago, see http://www-03.ibm.com/press/us/en/pressrelease/25828.wss
> for details.
Bring two threads together: The ZTIC is designed to work with
unmodified servers, hence implements SSL/TLS internally. Could the
recently discovered SSL injection attack be used against it? (I
haven't thought it through and have no idea.) Whether or not it can,
it demonstrates the hazards of freezing implementations of crypto
protocols into ROM: Imagine a world in which there are a couple of
hundred million ZTICs or similar devices fielded - and a significant
vulnerability is found in the protocol they speak. (Since we're
talking about a *protocol* vulnerability, having multiple competing
implementations doesn't help.)
Now, you could make the same argument about the encryption mechanisms
- AES, RSA, whatever else is frozen in that silicon - as well. We're
reasonably sure of our ability to build strong block and public key
ciphers - there have been no significant (publicly known!) breaks in
any fielded system in years. The problems with hash functions show
that our abilities there aren't as good as we thought. But this
recent attack against SSL/TLS, studied by so many people for so many
years, should make us really humble about the state of the art in
secure protocol development.
Not that this should block the use of devices like the ZTIC! They're
still much more secure than the alternatives. But it's important to
keep in mind the vulnerabilities we engineer *into* systems at the
same time we engineer others *out*.
-- Jerry
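[Editor's note, added example; this is not part of Jerry's message and is not ZTIC code.] The "recently discovered SSL injection attack" of November 2009 is the TLS renegotiation prefix-injection attack (CVE-2009-3555). The Python model below shows why it is a protocol flaw rather than an implementation bug: a server that follows the pre-2010 specification accepts a renegotiation ClientHello that has no binding to the existing session, so a man-in-the-middle can proxy a victim's *initial* ClientHello into a connection the attacker already owns, and the application layer glues the attacker's partial HTTP request to the victim's authenticated one. The eventual fix (RFC 5746's renegotiation_info extension, which makes a renegotiating client echo the previous handshake's verify_data) is a change to what goes on the wire, which is exactly what a TLS stack frozen in ROM cannot adopt. The TLS layer is reduced to two event kinds, the verify_data is a stand-in hash, and the handshake transcript, host names, paths and cookie values are constructed for illustration.

```python
"""Model of the 2009 TLS renegotiation prefix-injection attack and the RFC 5746 binding.

Simplified, illustrative model: the TLS layer is reduced to a stream of events, and
verify_data is a hash stand-in. Nothing here is real captured traffic.
"""
import hashlib

# Events on one TLS connection, as seen by the server:
#   ("data", bytes)         application data (HTTP) arriving on the connection
#   ("renegotiate", bytes)  a new ClientHello on the existing connection, carrying the
#                           client's renegotiation_info value; b"" means "none", which is
#                           what a ClientHello for a *fresh* connection carries


def verify_data(transcript: bytes) -> bytes:
    """Stand-in for the verify_data of a Finished message: a hash over the handshake."""
    return hashlib.sha256(transcript).digest()[:12]


def parse_http_request(raw: bytes):
    """Minimal HTTP/1.x request parser: returns (method, target, {header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def run_server(events, initial_transcript: bytes, secure_renegotiation: bool):
    """Replay a connection through a model server.

    Returns the HTTP request the application layer ends up handling, or None if the
    TLS layer aborted (or no complete request arrived). The application layer reads
    the byte stream continuously, so data sent before a renegotiation is glued to data
    sent after it; that continuity is what the 2009 attack exploited.
    """
    expected = verify_data(initial_transcript)  # from the first handshake's Finished
    stream = b""
    for kind, payload in events:
        if kind == "data":
            stream += payload
        elif kind == "renegotiate":
            if secure_renegotiation and payload != expected:
                return None  # ClientHello not bound to this session: abort (RFC 5746)
            expected = verify_data(expected + payload)  # later renegotiations chain on
        else:
            raise ValueError(kind)
    return parse_http_request(stream) if b"\r\n\r\n" in stream else None


# --- Constructed scenario (hypothetical host, paths and cookie) ------------------
ATTACKER_HANDSHAKE = b"ClientHello(mallory)|ServerHello|Certificate|...|Finished"
ATTACKER_PREFIX = (b"GET /transfer?to=mallory&amount=1000 HTTP/1.1\r\n"
                   b"Host: bank.example\r\n"
                   b"X-Ignore: ")  # no CRLF: the victim's request line will end this header
VICTIM_REQUEST = (b"GET /account HTTP/1.1\r\n"
                  b"Host: bank.example\r\n"
                  b"Cookie: session=victim-secret\r\n\r\n")


def prefix_injection_attack():
    """Attacker holds a TLS session with the server, sends a partial request, then
    proxies the victim's initial ClientHello into that session as a renegotiation.
    The victim believes it is opening a fresh connection, so its ClientHello carries
    no renegotiation_info (b"")."""
    return [("data", ATTACKER_PREFIX),
            ("renegotiate", b""),
            ("data", VICTIM_REQUEST)]


def honest_renegotiation():
    """The client that performed the first handshake renegotiates: it knows the
    previous verify_data and echoes it in renegotiation_info."""
    return [("renegotiate", verify_data(ATTACKER_HANDSHAKE)),
            ("data", VICTIM_REQUEST)]


def demo():
    legacy = run_server(prefix_injection_attack(), ATTACKER_HANDSHAKE, secure_renegotiation=False)
    fixed = run_server(prefix_injection_attack(), ATTACKER_HANDSHAKE, secure_renegotiation=True)
    honest = run_server(honest_renegotiation(), ATTACKER_HANDSHAKE, secure_renegotiation=True)
    return legacy, fixed, honest


if __name__ == "__main__":
    legacy, fixed, honest = demo()
    print("legacy server executes:", legacy[1], "with", legacy[2][b"cookie"])
    print("RFC 5746 server:", fixed)
    print("honest renegotiation still works:", honest[1])
```

Run it and the legacy server acts on the attacker's /transfer request carrying the victim's cookie (the victim's own request line has been swallowed into the X-Ignore header), the binding-enforcing server aborts at the unbound ClientHello before any victim data reaches the application, and a genuine renegotiation by the original client still goes through. Note that the fix works only if the client can put the new extension on the wire; a client whose TLS stack is in ROM is stuck on the legacy side of that line.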
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com