Identity

http://s.erious.ly

Posts tagged "crypto"

Nigori: Storing Secrets in the Cloud

Lately, I’ve been thinking about phishing. Again. If we want users to take our sensible advice and use different passwords everywhere, then they’ve got to be able to remember those passwords and move them from machine to machine. In order to do that with any ease, we’ve got to store them in the cloud. But...

Selective Disclosure, At Last?

Apparently it’s nearly five years since I first wrote about this and now it finally seems we might get to use selective disclosure. I’m not going to re-iterate what selective disclosure is good for and apparently my friend Ben Hyde has spared me from the need to be cynical, though I think (I am not a...

Perhaps Not So Stupid, After All?

Stupid now generates correct (single-block, still) SHA-256 code in C. It has functions. We’re starting to wonder about adding structures, and the semantics of arrays – particularly whether an array passed for output can also be used for input (or vice versa). I’m inclining towards making that illegal – if you want a function that,...

Stupid: A Metalanguage For Cryptography

Various threads lately have got me thinking about implementing cryptography and cryptographic protocols. As I have mentioned before, this is hard. But obviously the task itself is the same every time, by its very nature – if I want to interoperate with others, then I must implement effectively the same algorithm as them. So why...

Is SSL Enough?

In response to my post on OAuth WRAP, John Panzer asks [A]re you arguing that we shouldn’t rely on SSL? OAuth WRAP (and for that matter, OAuth 1.0 PLAINTEXT) rely on SSL to mitigate the attacks mentioned. Ben Adida’s argument is that SSL libraries won’t save you because people can misconfigure and misuse the libraries. But...

TLS Renegotiation Fix: Nearly There

Finally, after a lot of discussion, the IESG have approved the latest draft of the TLS renegotiation fix. It is possible it’ll still change before an RFC number is assigned, but it seems unlikely to me. But that doesn’t mean there isn’t plenty of work left to do. Now everyone has to implement it (in fact,...

Turn-based Protocols Somewhat Safe

Wietse Venema has a nice analysis showing how an attack on Postfix doesn’t work. The core point here is that in turn-based protocols the common implementation is such that the server (or client – let’s call it an agent) will consume input from the OpenSSL layer character by character, in effect. This means that OpenSSL...

SSL MitM, Day 4

Are we having fun yet? First, thanks to Benson, the only person so far to have expressed any kind of appreciation for the work we volunteers do. Now to Q&A. Several people have pointed out that Adam Langley is unhappy that I (and others) have maligned TLS. Apparently …it’s not a flaw in TLS. The TLS security properties...

SSL MitM Attack, Part 2

A lot can happen in a day. Yesterday the news broke that SSL was compromised. We immediately (OK, it took about 10 hours) released a new version of OpenSSL, 0.9.8l, which mitigates the problem by completely disabling renegotiation. Obviously this will break some sites, and so is not a full fix, so the next step...

Another Protocol Bites The Dust

For the last 6 weeks or so, a bunch of us have been working on a really serious issue in SSL. In short, a man-in-the-middle can use SSL renegotiation to inject an arbitrary prefix into any SSL session, undetected by either end. To make matters even worse, through a piece of (in retrospect) incredibly bad design,...

Trust in Crypto

Some people fear that an encrypted token sent through an untrusted operating system is not safe. Well, decrypt this:<enc:EncryptedData xmlns:enc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><enc:Encryptio...

NSS is FIPS 140-2 level 2 validated

Bob Lord reports that NSS (Network Security Services), the crypto library that powers software such as Firefox, Thunderbird, Open Office, and Fedora directory server, has recently been FIPS 140-2 level 2 validated by NIST. This is an important milestone because NSS is the only open source crypto library that is validated to level 2 (the...