-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 03.03.2014 23:35, Dave Cridland wrote: > On 3 March 2014 21:47, Waqas Hussain <[email protected]> wrote: > >> On Mon, Mar 3, 2014 at 3:46 PM, Fedor Brunner >> <[email protected]> wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 >>> >>> >>> Hi all, this attack on TLS security may be interesting for >>> XMPP >>> https://www.imperialviolet.org/2014/03/03/triplehandshake.html >>> https://secure-resumption.com/#further >>> >>> The attacker could modify tls-unique channel binding and >>> affect SCRAM-SHA-1-PLUS authentication method. >>> >> > > > Yes, it's interesting, at a first glance. > > It would, however, only affect clients that do not verify > certificates properly (at least at the point of sending SASL > stuff). > > You also need clients and servers that are perfectly happy to see > renegotiation, and it's not vastly obvious why XMPP *needs* any > renegotiation. > > So something to be aware of, rather than panic over. > > Dave. > There are multiple attacks described in the document. 1. The attack on client certificate authentication uses both resumption and renegotiation. It's more targeted on behavior of HTTPS servers and it could be more complicated to exploit it in XMPP, but not impossible. 2. The attack on SASL channel binding uses resumption, not renegotiation. Page 11: https://secure-resumption.com/tlsauth.pdf The attack applies to scenario where both XMPP client and server use TLS/SSL libraries that support TLS resumption for example OpenSSL. If the attacker can forge a valid certificate (for example with the help of CA), or the XMPP client is ignoring warning about incorrect SSL certificate (which many users do, see the paper: Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness https://www.cs.berkeley.edu/~devdatta/papers/alice-in-warningland.pdf ) then an active attacker can downgrade the security of SCRAM-SHA-1-PLUS authentication to SCRAM-SHA-1 and do a MITM. -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJTFe5eXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4QkVFQ0NBRDcyNzU1RTk2RTQwMzlEQjc2 RTE3NDA5NTQwNTY2M0FEAAoJEG4XQJVAVmOtI2MQALPZasHgv0/LYPD0mSYjQOIn 9JwpuOfc1+8zY7Y82bboyxk6mBxPppU/EGl7gSape/EuPK2hrCkXINC6myovrUiq EwfVrlTrtoh9KAOC0pHAUllYASgz9Q/qCmpQXJBCuk8MdA2hPrvqZWwFvNDe0Itn 9s7Xz6q0BQA80WYaKNI7veLnJdt/4ltt/T02WLq7U4Jj/ARdgvK8Bux2DiXmdxYM Sx+xJjMrwTWuAKBSRhmyzjwxWPfNTgDcOdO1lMzDDy7SKcdyxW9eDA4glYDOoWw3 eO94yJU1UCuU5YaU/oonnZTvqkGZGysBEQ05sxHxKm2LRumHjBw6zi9xNwzJYdLW DYRrwRP7zjgbRykZkb6eiOduoIM0+Hfb++EVXPR235iPwUctY07TSyWGSVh5VyNf TU3SPqBzRxkSbPl2jyr067QlAw/lzyzKSS1ErlzkqsFYo+v06Y3YwKVP4lPwOxe3 k6iLPFvDnsGfzr7hlTHeQwVuqkD5YI3EHaq2xuMOk3MXl9z9ktQcbsD7hY3XZTlK CDIIdIzgsr2CxR1jEtllaR65u2FzGt6Wdv5eAaBRlDek1BAJR5CqO51Sg4aAmAH1 tOz+29Mechon+HvzHnSlccQ2XLGYPgFBODuTT+LQZkz29bqXhdiKCR760fctCf/y yUNLfopsuDBbewiRANn1 =3iee -----END PGP SIGNATURE-----
