[Ach] on algorithmic agility

christian mock cm at coretec.at
Tue Dec 3 15:03:33 CET 2013


On Tue, Dec 03, 2013 at 04:20:05PM +0300, ianG wrote:

> Somewhat after the decision, I know, and fighting a lost battle, but
> here's what DJB said in March, at FSE in his keynote "Failures of
> secret-key cryptography"
> 
>   “Cryptographic algorithm agility”:
>   (1) the pretense that bad crypto is okay if there’s a backup plan +
>   (2) the pretense that there is in fact a backup plan.
> 
>   SSL has a crypto switch that in theory allows switching to
> AES-GCM. But most SSL software doesn’t support AES-GCM.

Please consider that in the context of this paper we have to work with
what we've got, that is, supported cipher suites on the server and
client side. 

We are working on the intersection of those sets of suites, which for
added fun is not static, but depends on the environment and changes
over time.

That means that the set of server cipher suites has to have more than
one member to be practical. That alone is not "algorithmic agility",
because it could just be varying key sizes of the same cipher and
hash.

But take into consideration that anytime in the future, a feasible
attack against one of the cipher suites emerges. If they are all too
similiar, that could mean removing it would leave us with an empty
set.

Putting different ciphers into the set has the drawback of increasing
the probability that an attack emerges, but at the same time leaves us
(and our readers) with alternatives. Just remove the affected suites,
and you're still left with some secure[0] suites so hopefully part of
your clients can still connect.

Additionally, one can hope that due to increased usage, "alternative"
ciphers would get more cryptanalysis, which would also be beneficial.

So from a practical point of view I am very much in favor of including
more than one cipher in the recommended suites, and I hope I have
explained why.

cm.

[0] translation: not already publicly known to be broken :-)

-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!

http://heise.de/-1260559

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.



More information about the Ach mailing list