FYI: It would be nice if someone could repost this the namedroppers.
This might inform some of the discussion going on there. Both DJB and I
have problems posting to namedroppers for basically the same
reasons---opposing the BIND cartel. However, getting this information
distributed seems to be important enough to be widely distributed.
Make sure you read the UIC announcement included at the end.
I'm greatly enjoying the Olympics; have fun!
--Dean
---------- Forwarded message ----------
Date: 8 Aug 2008 03:42:28 -0000
From: D. J. Bernstein <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Kaminsky on djbdns bugs
Kyle Wheeler writes:
> That makes it easier for an attacker to guess the right number, but
> only somewhat (your chances per-guess go from one in four billion to,
> say, thirty in four billion). This criticism of djbdns seems
> somewhat... well, specious.
http://cr.yp.to/djbdns/forgery.html has, for several years, stated the
results of exactly this attack:
The dnscache program uses a cryptographic generator for the ID and
query port to make them extremely difficult to predict. However,
* an attacker who makes a few billion random guesses is likely to
succeed at least once;
* tens of millions of guesses are adequate with a colliding attack;
etc. The same page also states bilateral and unilateral workarounds that
would raise the number of guesses to "practically impossible"; but then
focuses on the real problem, namely that "attackers with access to the
network would still be able to forge DNS responses."
I suppose I should be happy to see public awareness almost catching up
to the nastiest DNS attacks I considered in 1999. However, people are
deluding themselves if they think they're protected by the current
series of patches. UIC is issuing a press release today on this topic;
see below.
---D. J. Bernstein, Professor, Mathematics, Statistics,
and Computer Science, University of Illinois at Chicago
DNS still vulnerable, Bernstein says
CHICAGO, Thursday 7 August 2008 - Do you bank over the Internet? If so,
beware: recent Internet patches don't stop determined attackers.
Network administrators have been rushing to deploy DNS source-port
randomization patches in response to an attack announced by security
researcher Dan Kaminsky last month. But the inventor of source-port
randomization said today that new security solutions are needed to
protect the Internet infrastructure.
"Anyone who knows what he's doing can easily steal your email and insert
fake web pages into your browser, even after you've patched," said
cryptographer Daniel J. Bernstein, a professor in the Center for
Research and Instruction in Technologies for Electronic Security (RITES)
at the University of Illinois at Chicago.
Bernstein's DJBDNS software introduced source-port randomization in
1999 and is now estimated to have tens of millions of users. Bernstein
released the DJBDNS copyright at the end of last year.
Kaminsky said at the Black Hat conference yesterday that 120,000,000
Internet users were now protected by patches using Bernstein's
randomization idea. But Bernstein criticized this idea, saying that it
was "at best a speed bump for blind attackers" and "an extremely poor
substitute for proper cryptographic protection."
DNSSEC, a cryptographic version of DNS, has been in development since
1993 but is still not operational. Bernstein said that DNSSEC offers "a
surprisingly low level of security" while causing severe problems for
DNS reliability and performance.
"We need to stop wasting time on breakable patches," Bernstein said. He
called for development of DNSSEC alternatives that quickly and securely
reject every forged DNS packet.
Press contact: Daniel J. Bernstein <[EMAIL PROTECTED]>
-30-
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
