[12569] in cryptography@c2.net mail archive

Re: [Bodo Moeller] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Feb 24 12:20:18 2003

X-Original-To: cryptography@wasabisystems.com
Date: Sat, 22 Feb 2003 18:19:34 +1300
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@wasabisystems.com

An extremely trivial observation, but may be useful to some:

>The attack assumes that multiple SSL or TLS connections involve a common
>fixed plaintext block, such as a password.

There's been a discussion about how this affects POP over SSL on a private
list.  My suggestion was:

-- Snip --

- Don't retry a connection repeatedly if it fails the first time (I guess you
  don't do that anyway, but some programs like Outlook try automated repeated
  connects).

- Add random whitespace to the initial messages so the password isn't always
  at a fixed location (that is, sprinkle extra spaces and tabs and whatnot
  around in the lines you send up to and including the password).

-- Snip --

This changes the padding on each message containing the password, making the
attack rather more difficult, and has the advantage that you don't need to
convince the party running the server to update their software.  Depending on
how much stuff you can send per message, you can vary it by quite a bit.  In
the POP case the "PASS xxx" would be a single message so you don't have quite
that much leeway, but it looks like you can add enough whitespace to make the
padding random.  Someone else on the list posted a followup to say he'd tried
it on two servers and they had no trouble with the whitespace.

Peter.
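
The whitespace suggestion above, as an added example that is not part of the original message: a Python sketch that builds POP3 command lines with random spaces and tabs and reports how the password's block position and the record's CBC padding length change from one connection to the next. The 8-byte block, 20-byte MAC, minimal-padding record layout (data, MAC, padding, length byte), the sample password and all function names are assumptions made for illustration.

```python
import secrets

BLOCK = 8      # assumed CBC block size in bytes (3DES); AES would be 16
MAC_LEN = 20   # assumed MAC length in bytes (HMAC-SHA1)

def _ws(n):
    """Return n random characters drawn from space and tab."""
    return "".join(secrets.choice(" \t") for _ in range(n))

def pad_command(verb, arg, max_ws=2 * BLOCK):
    """Build one POP3 command line with random whitespace around the argument."""
    if any(c.isspace() for c in arg):
        # Padding would be indistinguishable from the argument itself.
        raise ValueError("argument contains whitespace; cannot pad safely")
    lead = " " + _ws(secrets.randbelow(max_ws))   # always at least one separator
    trail = _ws(secrets.randbelow(max_ws))
    return f"{verb}{lead}{arg}{trail}\r\n".encode("ascii")

def record_layout(line, secret):
    """Return (block index, offset in block, padding length) for `secret`
    when `line` is sent as one record: data || MAC || padding || length byte."""
    start = line.index(secret)
    pad_len = -(len(line) + MAC_LEN + 1) % BLOCK   # minimal padding assumed
    return start // BLOCK, start % BLOCK, pad_len

def layouts_seen(verb, arg, trials=200):
    """Collect the distinct layouts produced over `trials` padded commands."""
    secret = arg.encode("ascii")
    return {record_layout(pad_command(verb, arg), secret) for _ in range(trials)}

if __name__ == "__main__":
    password = "hunter2"   # constructed sample value
    print("fixed :", record_layout(b"PASS hunter2\r\n", b"hunter2"))
    print("padded:", len(layouts_seen("PASS", password)), "distinct layouts")
```

Whether a particular server ignores the extra whitespace has to be checked against that server before relying on this.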
