Re: Attack against handshake protocol
Tammy,
Tammy Carter wrote:
>
> In section F.1.3, Detecting Attacks Against the Handshake Protocol,
> the draft says that an attacker may influence the handshake exchange
> to influence the suite which is chosen. It then states that the attacker
> must change multiple handshake messages, which will cause the
> client and server to generate different values for the handshake hashes
> and cause the attack to be discovered.
>
> It seems to me that, if a weak enough cipher suite were agreed upon
> by the client and the server, the attacker would also be able
> to compute the master secret quickly enough to play
> "man in the middle." In this way, the attacker could, effectively,
> get one packet from the server, change it as desired, and pass
> it along to the client. Likewise, the attacker could receive client
> packets, change them as desired, and pass them along to the
> server. At least until the attacker gained the desired access
> or information.
>
> My question is how "weak" would the cipher suite have to be
> to permit this to happen?
>
> My concern is that the exportable cipher suites are either
> already in this category or will soon fall into it. And, if
> they are made mandatory as per Jeff S's last email,
> this could open up vulnerabilities for software that is just trying
> to comply with the standard.
Agreed with your conclusion here. This is just another reason that
MANDATORY ciphersuites should not be part of that standard. I have
tried to point out this and other arguments for nearly two weeks now.
I believe that Tom W also made a similar comment along these lines
as well.
>
> Tammy Green Carter
> Novell, Inc.
>
>
Regards,
--
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. IEG. INC.
Phone :913-294-2375 (v-office)
E-Mail jwkckid1@xxxxxxxxxxxxx
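
Added example, not part of the original message or of the draft: a simplified model of the handshake-hash check from section F.1.3 that the quoted question refers to. HMAC-SHA256 stands in for the draft's Finished computation, and the suite labels, master secret and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; the suite names are labels only.
STRONG = "RSA_WITH_3DES_EDE_CBC_SHA"
EXPORT = "RSA_EXPORT_WITH_RC4_40_MD5"
PREFERENCE = [STRONG, EXPORT]  # server preference, strongest first


def client_hello(suites):
    return b"ClientHello:" + ",".join(suites).encode()


def server_hello(hello_bytes):
    """Pick the first suite in server preference that the hello offers."""
    offered = hello_bytes.split(b":", 1)[1].decode().split(",")
    chosen = next(s for s in PREFERENCE if s in offered)
    return chosen, b"ServerHello:" + chosen.encode()


def finished(master_secret, label, transcript):
    """Simplified Finished value: keyed MAC over a hash of every handshake message."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(master_secret, label + digest, hashlib.sha256).digest()


def handshake(tamper):
    """Run one handshake; `tamper` rewrites the ClientHello in transit."""
    master_secret = b"constructed-master-secret"  # assumed unknown to the attacker
    sent = client_hello([STRONG, EXPORT])
    received = tamper(sent)
    chosen, sh = server_hello(received)
    client_view = [sent, sh]      # messages as the client hashed them
    server_view = [received, sh]  # messages as the server hashed them
    client_fin = finished(master_secret, b"client", client_view)
    expected = finished(master_secret, b"client", server_view)
    return chosen, hmac.compare_digest(client_fin, expected)


def strip_strong(hello_bytes):
    """Constructed in-transit change: the offer arrives without the strong suite."""
    return client_hello([EXPORT])
```

The check is keyed by the master secret, so it detects the altered offer only while that secret stays out of the attacker's reach, which is the dependency the quoted question is asking about.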