
Attack against handshake protocol



In section F.1.3, Detecting Attacks Against the Handshake Protocol, 
the draft says that an attacker may influence the handshake exchange 
to influence the suite which is chosen.  It then states that the attacker
must change multiple handshake messages, which will cause the
client and server to generate different values for the handshake hashes
and cause the attack to be discovered.

It seems to me that, if a weak enough cipher suite were agreed upon
by the client and the server, the attacker would also be able
to compute the master secret quickly enough to play 
"man in the middle."  In this way, the attacker could, effectively,
get one packet from the server, change it as desired, and pass
it along to the client.  Likewise, the attacker could receive client
packets, change them as desired, and pass them along to the
server, at least until the attacker gained the desired access
or information.

My question is how "weak" would the cipher suite have to be
to permit this to happen?

My concern is that the exportable cipher suites are either 
already in this category or will soon fall into it.  And, if
they are made mandatory as per Jeff S's last email,
this could open up vulnerabilities for software that is just trying
to comply with the standard.



Tammy Green Carter
Novell, Inc.
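The scenario in the message above, modelled as an added toy example. This is not code from the draft, the thread or any TLS implementation: the key derivation, the suite names (WEAK, STRONG) and the opaque ClientKeyExchange blob are all constructed stand-ins, and the only property kept is that Finished is a MAC, keyed by the master secret, over every handshake message the sender saw. A man in the middle rewrites ClientHello so the server picks the weak suite, so the two sides hash different transcripts; the attacker can still make both accept if, and only if, it can recover the master secret (here by brute force over a tunable premaster entropy, using the intercepted Finished as the test oracle) before it has to forward the Finished messages.

```python
import hashlib
import hmac
import os

# Constructed toy model of the handshake-tampering scenario. Not the TLS
# draft's PRF, key exchange or record layer: Finished = HMAC(master, transcript)
# is the only property modelled.
WEAK = b"RSA_EXPORT_RC4_40"   # assumed suite names, stand-ins only
STRONG = b"RSA_RC4_128"


def master_secret(premaster, client_random, server_random):
    # Constructed key derivation, not the draft's master-secret computation.
    return hashlib.sha256(b"master" + premaster + client_random + server_random).digest()


def finished(master, transcript, label):
    # Finished covers a hash of every handshake message the sender saw.
    h = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(master, label + h, hashlib.sha256).digest()


def recover_master(client_fin, transcript, client_random, server_random, budget_bits):
    # Attacker's brute force: the intercepted client Finished is an oracle for
    # premaster guesses. Tries every premaster of at most budget_bits bits.
    for guess in range(1 << budget_bits):
        m = master_secret(guess.to_bytes(8, "big"), client_random, server_random)
        if hmac.compare_digest(finished(m, transcript, b"client"), client_fin):
            return m
    return None


def run_handshake(premaster_bits, tamper, attacker_budget_bits=16):
    """Simulate one handshake and report what each side accepted.

    premaster_bits: entropy of the premaster secret in this toy model
    tamper: whether a MITM rewrites ClientHello to offer only WEAK
    """
    client_random, server_random = os.urandom(32), os.urandom(32)
    premaster = (int.from_bytes(os.urandom(8), "big") % (1 << premaster_bits)).to_bytes(8, "big")

    # What the client actually sent versus what the server actually received.
    client_hello = b"ClientHello:" + client_random + b":" + STRONG + b"," + WEAK
    client_hello_at_server = (b"ClientHello:" + client_random + b":" + WEAK) if tamper else client_hello
    chosen = WEAK if tamper else STRONG          # server picks the best suite it was offered
    server_hello = b"ServerHello:" + server_random + b":" + chosen
    # Opaque stand-in for the encrypted premaster; the attacker learns nothing from it.
    client_key_exchange = b"ClientKeyExchange:" + hashlib.sha256(premaster).digest()

    transcript_client = [client_hello, server_hello, client_key_exchange]
    transcript_server = [client_hello_at_server, server_hello, client_key_exchange]
    master = master_secret(premaster, client_random, server_random)

    # Client sends Finished first; a tampering attacker intercepts it and tries
    # to recover the master secret before forwarding anything.
    client_fin = finished(master, transcript_client, b"client")
    recovered = None
    if tamper:
        recovered = recover_master(client_fin, transcript_client, client_random,
                                   server_random, attacker_budget_bits)
    if recovered is not None:
        # Forge a client Finished over the transcript the server saw.
        client_fin = finished(recovered, transcript_server, b"client")
    server_ok = hmac.compare_digest(client_fin, finished(master, transcript_server, b"client"))

    # The server answers with its own Finished only if it accepted the client's.
    client_ok = False
    if server_ok:
        server_fin = finished(master, transcript_server, b"server")
        if recovered is not None:
            # Forge a server Finished over the transcript the client saw.
            server_fin = finished(recovered, transcript_client, b"server")
        client_ok = hmac.compare_digest(server_fin, finished(master, transcript_client, b"server"))

    return {
        "client_ok": client_ok,
        "server_ok": server_ok,
        "suite": chosen,
        "master_recovered": recovered is not None,
    }


if __name__ == "__main__":
    for bits, tamper in [(16, False), (16, True), (40, True)]:
        print(f"premaster_bits={bits:2d} tamper={tamper!s:5} -> {run_handshake(bits, tamper)}")
```

With premaster_bits at or below the attacker's budget, the downgrade goes through with both sides accepting; above it, the attacker must forward the client's Finished unchanged and the server rejects it because its transcript differs, which is the detection the draft's section relies on. The entropy knob is the model's stand-in for "how weak"; it says nothing about what the real export suites' key exchange actually costs to break.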