subject:"OpenSSL"

RE: OpenSSL

2003-03-19 Thread Matt Ryan


lol - I promise in future to read to the bottom of messages. In fact if I
didn't top post I would have noticed, but that's a different can of worms
8-)


Matt.

-Original Message-
From: Petri Helenius [mailto:[EMAIL PROTECTED]
Sent: 18 March 2003 17:52
To: Matt Ryan; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: OpenSSL



Note the smiley 10 lines down. You have been had.

Pete

- Original Message -
From: "Matt Ryan" <[EMAIL PROTECTED]>
To: "'Petri Helenius'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, March 18, 2003 5:58 PM
Subject: RE: OpenSSL


MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the
clever queuing can do it for you - but then it can for IP (because its the
same thing!).


Matt.

-Original Message-
From: Petri Helenius [mailto:[EMAIL PROTECTED]
Sent: 18 March 2003 15:10
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: OpenSSL



>
> While the timing attack is the attack against the SSL server, it is my
> reading of the paper that the attacks' success largely depends on ability
to
> tightly control the time it takes to communicate with a service using SSL.
> Currently, such control is rather difficult to achive on links other than
> ethernet.
>
Doesn´t MPLS provide consistent delay and minimal jitter and thus SSL
servers connected to MPLS networks are more suspectible to attack?










:-)

Pete

--
Live Life in Broadband
www.telewest.co.uk


The information transmitted is intended only for the person or entity to which it is 
addressed and may contain confidential and/or privileged material.
Statements and opinions expressed in this e-mail may not represent those of the 
company. Any review, retransmission, dissemination or other use of, or taking of any 
action in reliance upon, this information by persons or entities other than the 
intended recipient is prohibited. If you received this in error, please contact the 
sender immediately and delete the material from any computer.


==

Re: OpenSSL

2003-03-18 Thread Petri Helenius

Note the smiley 10 lines down. You have been had.

Pete

- Original Message -
From: "Matt Ryan" <[EMAIL PROTECTED]>
To: "'Petri Helenius'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, March 18, 2003 5:58 PM
Subject: RE: OpenSSL

MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the
clever queuing can do it for you - but then it can for IP (because its the
same thing!).

Matt.

-Original Message-
From: Petri Helenius [mailto:[EMAIL PROTECTED]
Sent: 18 March 2003 15:10
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: OpenSSL

>
> While the timing attack is the attack against the SSL server, it is my
> reading of the paper that the attacks' success largely depends on ability
to
> tightly control the time it takes to communicate with a service using SSL.
> Currently, such control is rather difficult to achive on links other than
> ethernet.
>
Doesn´t MPLS provide consistent delay and minimal jitter and thus SSL
servers connected to MPLS networks are more suspectible to attack?

:-)

Pete

--
Live Life in Broadband
www.telewest.co.uk

The information transmitted is intended only for the person or entity to which it is 
addressed and may contain confidential and/or
privileged material.
Statements and opinions expressed in this e-mail may not represent those of the 
company. Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon, this information by persons 
or entities other than the intended recipient
is prohibited. If you received this in error, please contact the sender immediately 
and delete the material from any computer.

==

RE: OpenSSL

2003-03-18 Thread alex


> MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the
> clever queuing can do it for you - but then it can for IP (because its the
> same thing!).

As Eric stated in his previous message, I have not realized that his point
was that even one machine that has an ethernet connection directly to the
SSL-enabled service, the SSL timing attack is possible. Of course, such
setup is the most common way of connecting systems with SSL-enabled services
to the internet.

Alex

RE: OpenSSL

2003-03-18 Thread Matt Ryan


MPLS (on its own) gives you jack-squat in terms of delay and jitter. All the
clever queuing can do it for you - but then it can for IP (because its the
same thing!).


Matt.

-Original Message-
From: Petri Helenius [mailto:[EMAIL PROTECTED]
Sent: 18 March 2003 15:10
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: OpenSSL



>
> While the timing attack is the attack against the SSL server, it is my
> reading of the paper that the attacks' success largely depends on ability
to
> tightly control the time it takes to communicate with a service using SSL.
> Currently, such control is rather difficult to achive on links other than
> ethernet.
>
Doesn´t MPLS provide consistent delay and minimal jitter and thus SSL
servers connected to MPLS networks are more suspectible to attack?










:-)

Pete


--
Live Life in Broadband
www.telewest.co.uk


The information transmitted is intended only for the person or entity to which it is 
addressed and may contain confidential and/or privileged material.
Statements and opinions expressed in this e-mail may not represent those of the 
company. Any review, retransmission, dissemination or other use of, or taking of any 
action in reliance upon, this information by persons or entities other than the 
intended recipient is prohibited. If you received this in error, please contact the 
sender immediately and delete the material from any computer.


==

Re: OpenSSL

2003-03-18 Thread Eric Rescorla


[EMAIL PROTECTED] writes:

> > > This means that it is safer for senior managers in a company to 
> > > communicate using private ADSL Internet connections to their desktops 
> > > rather than using a corporate LAN.
> >
> > Afraid not. The timing attack is an attack on the SSL server. 
> > So as long as the SSL server is accessible at all, the attack
> > can be mounted. And once the private key is recovered, then
> > you no longer need LAN access.
> 
> While the timing attack is the attack against the SSL server, it is my
> reading of the paper that the attacks' success largely depends on ability to
> tightly control the time it takes to communicate with a service using SSL.
> Currently, such control is rather difficult to achive on links other than
> ethernet.
Quite so. What I meant here was that as long as Ethernet access
is provided to the server at all, having your own traffic sent
over a non-Ethernet link doesn't protect you.

-Ekr

-- 
[Eric Rescorla   [EMAIL PROTECTED]
http://www.rtfm.com/

Re: OpenSSL

2003-03-18 Thread alex


> > While the timing attack is the attack against the SSL server, it is my
> > reading of the paper that the attacks' success largely depends on ability to
> > tightly control the time it takes to communicate with a service using SSL.
> > Currently, such control is rather difficult to achive on links other than
> > ethernet.
> >
> Doesn´t MPLS provide consistent delay and minimal jitter and thus SSL
> servers connected to MPLS networks are more suspectible to attack?

Have you seen MPLS cards for servers being widely deployed?  :) 
The smaller the number of router(s) sitting between attacker and the target,
the closer attacker can control the timing.

Alex

Re: OpenSSL

2003-03-18 Thread Petri Helenius


>
> While the timing attack is the attack against the SSL server, it is my
> reading of the paper that the attacks' success largely depends on ability to
> tightly control the time it takes to communicate with a service using SSL.
> Currently, such control is rather difficult to achive on links other than
> ethernet.
>
Doesn´t MPLS provide consistent delay and minimal jitter and thus SSL
servers connected to MPLS networks are more suspectible to attack?










:-)

Pete

Re: OpenSSL

2003-03-18 Thread alex


> > This means that it is safer for senior managers in a company to 
> > communicate using private ADSL Internet connections to their desktops 
> > rather than using a corporate LAN.
>
> Afraid not. The timing attack is an attack on the SSL server. 
> So as long as the SSL server is accessible at all, the attack
> can be mounted. And once the private key is recovered, then
> you no longer need LAN access.

While the timing attack is the attack against the SSL server, it is my
reading of the paper that the attacks' success largely depends on ability to
tightly control the time it takes to communicate with a service using SSL.
Currently, such control is rather difficult to achive on links other than
ethernet.

Alex

Re: OpenSSL

2003-03-18 Thread Eric Rescorla


[EMAIL PROTECTED] writes:

> > This is a new attack, not the one Schneier was talking about.  It's 
> > very elegant work -- they actually implemented an attack that can 
> > recover the long-term private key.  The only caveat is that their 
> > attack currently works on LANs, not WANs, because they need more 
> > precise timing than is generally feasible over the Internet.
> 
> Hmmm...
> This means that it is safer for senior managers in a company to 
> communicate using private ADSL Internet connections to their desktops 
> rather than using a corporate LAN.
Afraid not. The timing attack is an attack on the SSL server. 
So as long as the SSL server is accessible at all, the attack
can be mounted. And once the private key is recovered, then
you no longer need LAN access.

-Ekr

-- 
[Eric Rescorla   [EMAIL PROTECTED]
http://www.rtfm.com/

Re: OpenSSL

2003-03-18 Thread Michael . Dillon


> This is a new attack, not the one Schneier was talking about.  It's 
> very elegant work -- they actually implemented an attack that can 
> recover the long-term private key.  The only caveat is that their 
> attack currently works on LANs, not WANs, because they need more 
> precise timing than is generally feasible over the Internet.

Hmmm...
This means that it is safer for senior managers in a company to 
communicate using private ADSL Internet connections to their desktops 
rather than using a corporate LAN.

Very interesting. Could IP Centrex be the wave of the future? Will ISPs 
offer random jitter insertion guarantees on such a service to foil people 
using timing attacks?

--Michael Dillon

Re: OpenSSL

2003-03-17 Thread Scott Francis

On Mon, Mar 17, 2003 at 12:55:24PM -0500, [EMAIL PROTECTED] said:
> In message <[EMAIL PROTECTED]>, Scott Francis writes:
> >
> 
> >
> >Fun is about all it comes to. See what Schneier had to say in the most
> >recent crypto-gram regarding this hole.
> >
> 
> This is a new attack, not the one Schneier was talking about.  It's 
> very elegant work -- they actually implemented an attack that can 
> recover the long-term private key.  The only caveat is that their 
> attack currently works on LANs, not WANs, because they need more 
> precise timing than is generally feasible over the Internet.

Hm, mea culpa. I read the title without digging very far into the actual
announcements and thought it a rehash of the earlier holes. Thanks for
clearing it up for me.
-- 
Scott Francis || darkuncle (at) darkuncle (dot) net
  illum oportet crescere me autem minui


pgp0.pgp
Description: PGP signature

Re: OpenSSL

2003-03-17 Thread Stewart, William C (Bill), SALES

Steve Bellovin wrote:
> The only caveat is that their attack currently works on LANs, not WANs, 
> because they need more precise timing than is generally feasible over the Internet.

On the other hand, many of the SSL servers on the web
are located in hosting centers, which are LAN-connected to potential attackers
who can get accounts on machines in the same hosting centers.
The attackers' and targets' servers tend to have routers in front of them,
as well as the switches provided by the hosting center,
but it's still much more precise than the open net.

Re: OpenSSL

2003-03-17 Thread Steven M. Bellovin

In message <[EMAIL PROTECTED]>, Scott Francis writes:
>

>
>Fun is about all it comes to. See what Schneier had to say in the most
>recent crypto-gram regarding this hole.
>

This is a new attack, not the one Schneier was talking about.  It's 
very elegant work -- they actually implemented an attack that can 
recover the long-term private key.  The only caveat is that their 
attack currently works on LANs, not WANs, because they need more 
precise timing than is generally feasible over the Internet.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Re: OpenSSL

2003-03-17 Thread Scott Francis

On Mon, Mar 17, 2003 at 04:39:31AM -0500, [EMAIL PROTECTED] said:
> 
> 
> More OpenSSL (and SSH) fun.
> 
> http://lists.netsys.com/pipermail/full-disclosure/2003-March/004524.html
> AND
> http://lists.netsys.com/pipermail/full-disclosure/2003-March/004529.html

Fun is about all it comes to. See what Schneier had to say in the most
recent crypto-gram regarding this hole.
<http://www.counterpane.com/crypto-gram-0303.html>
-- 
Scott Francis || darkuncle (at) darkuncle (dot) net
  illum oportet crescere me autem minui


pgp0.pgp
Description: PGP signature

OpenSSL

2003-03-17 Thread Len Rose



More OpenSSL (and SSH) fun.

http://lists.netsys.com/pipermail/full-disclosure/2003-March/004524.html
AND
http://lists.netsys.com/pipermail/full-disclosure/2003-March/004529.html

RE: OpenSSL

Re: OpenSSL

RE: OpenSSL

RE: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

Re: OpenSSL

OpenSSL

15 matches

Site Navigation

Mail list logo

Footer information