[Ach] Bug/Ba in OpenSSL

Aaron Zauner azet at azet.org
Tue Jan 7 11:25:51 CET 2014


ianG wrote:

> I'm curious -- where is BSAFE used?  As far as I was aware, it was
> mostly shipped to USG. Is it in general shipping with in any user field?
>  You mention “high security” proprietary windows and java applications
> ... but are those things we should be worried about if we don't use
> them?  Any clue as to which they are?
As far as I know it's used in a lot of commercial Windows software,
although I cannot name any particulars. If you google a bit you'll be
able to find enough.

> I need a pithy statement for this.
What's a pithy statement? :)

>> Dan Kaminsky has proposed a universal RNG a couple of times now - but
>> again, this is not to be used in production.
>>
>> See section 2: 'Four Lines of Javascript that Can’t Possibly Work So
>> why do they?'
>> http://openwall.info/wiki/_media/people/solar/pocorgtfo01.pdf
>
>
> :)  So, that works as a quickie.  But it is also quite easy to attack,
> if that is the only thing going on.  RNGs are not easy on software
> engineering.
Yeah, I just found it interesting. Didn't take too long for someone
to find weaknesses: see the current issue -
http://openwall.info/wiki/_media/people/solar/pocorgtfo02.pdf
(BTW this PDF is also a bootable operating system AND a zip file!)

Aaron


On Tue, Jan 7, 2014 at 9:56 AM, ianG <iang at iang.org> wrote:

> On 25/11/13 20:15 PM, Aaron Zauner wrote:
>
>>> The counterpoint is DUAL_EC, as it was a default engineered by the NSA's
>>> finest, and recommended by RSA because "our technology is backed by highly
>>> regarded cryptographic experts."  Unlike open source, they say :)  So we
>>> could have fixed it, but only by going against the best advice available.
>>> Not really helpful as a strategy for the future, if you get my drift…
>>>
>> ..then RSA had to recall BSAFE - a toolkit that is widely used in “high
>> security” proprietary Windows and Java applications. oh noes!1
>> http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/
>>
>
>
> I'm curious -- where is BSAFE used?  As far as I was aware, it was mostly
> shipped to USG. Is it in general shipping with in any user field?  You
> mention “high security” proprietary windows and java applications ... but
> are those things we should be worried about if we don't use them?  Any clue
> as to which they are?
>
> Yes, this is off topic to ACH :)
>
>>> In short:  use it as it is setup, or write your own.  There isn't a lot
>>> of middle ground.
>>>
>> I absolutely agree. RNGs that get shipped by operating systems are
>> audited heavily, custom RNGs are not. As stated before: I haven’t found an
>> analysis/research paper on HaveGE, the original paper describing the
>> algorithm is years old. This does not seem to be well audited. Prove me
>> wrong.
>>
>
>
> I need a pithy statement for this.
>
>> Dan Kaminsky has proposed a universal RNG a couple of times now - but
>> again, this is not to be used in production.
>>
>> See section 2: 'Four Lines of Javascript that Can’t Possibly Work So why
>> do they?'
>> http://openwall.info/wiki/_media/people/solar/pocorgtfo01.pdf
>>
>
>
> :)  So, that works as a quickie.  But it is also quite easy to attack, if
> that is the only thing going on.  RNGs are not easy on software engineering.
>
> iang