Re: Tomcat config question: 'compression' versus 'SSLDisableCompression'

Fri, 09 Aug 2013 08:12:37 -0700 

On 09/08/2013 15:28, Christopher Schultz wrote:
> Mark,
> 
> On 8/9/13 9:14 AM, Mark Thomas wrote:
>> On 09/08/2013 14:50, Christopher Schultz wrote:
> 
>>> It's too bad it took a researcher a year to figure out that 
>>> compression of any kind makes encryption (where the attacker can
>>> force random probing attacks) weak. It's not like SSL+compression
>>> and SSL-compression+compression is that different.
> 
>> It didn't. The original CRIME presentation covered this topic. I
>> fail to understand why such a fuss is being made of this
>> re-hashing.
> 
> I wouldn't say this constitutes a "fuss".

"fuss" was a reference to how some folks are reacting to this "new"
attack, "BREACH". First it isn't new, second it isn't (in my view)
practical.

>> The original CRIME presentation also (correctly) pointed out that
>> any attack based on this is entirely theoretical and not currently
>> at all practical.
> 
> Coffee shop + XSS? Perhaps a stretch.

To succeed, the attacker requires:

a) The victim is using a site that uses HTTP-level compression on responses
b) The site echoes user input in HTTP response bodies
c) The response bodies contain a constant secret (eg. CSRF token)

So far, not too hard. c) is a little unusual. Session IDs are normally
in cookie headers, CSRF tokens should change on every request. That
said, there are plenty of sites that meet a) to c).

d) The attacker has the ability to view the victim's encrypted traffic.
e) The attacker has the ability to cause the victim to send HTTP
requests to the vulnerable web server.

e) is where I think this attack becomes impractical. This may change
over time but at the moment the coffee shop scenario would require
social engineering the victim or subverting the router if the site mixed
HTTP and HTTPS. A malicious ISP / $work sysadmin is another option with
mixed HTTP/HTTPS.

> The point is that folks are starting to chip-away at certain aspects
> of TLS. Just like they did with hashing algorithms. MD5 was great when
> it came out. So was SSL. There's nothing wrong with looking toward the
> future, even if the current crop of problems aren't exactly catastrophic.

Indeed. If only everyone was approaching this with the same sense of
perspective. I agree the attacks will only get better / easier / more
practical but right now there are some big obstacles and I don't see any
obvious roots to getting over them.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to