Re: [Cfrg] [TLS] 3DES diediedie
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 28 August 2016 12:16 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C42512D5F7 for <cfrg@ietfa.amsl.com>; Sun, 28 Aug 2016 05:16:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.748
X-Spam-Level:
X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.548] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dWzbTtNdhsoM for <cfrg@ietfa.amsl.com>; Sun, 28 Aug 2016 05:16:18 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3236E12D0FE for <cfrg@irtf.org>; Sun, 28 Aug 2016 05:16:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1472386578; x=1503922578; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=IcPZTVF09HKWBmY/W+NjjsXFdmPCsE+3514GuOW0fzA=; b=bG4c/+wBklhQjTtURmXeNsNeq/O5I4T1kvBtXBNSsO+g4xNdxkJkaaCI R6EbgPNspAL6wxZzlkHMzJm+iBhHRCnNjNS3b3DPvdPNYkpvhUrMgVJ5i zypRYcOPnP+eoqFFDYn7zQ9bWCTwXyULnP6kVCEid0nSJulm1r4GCfqnW bPxge6FssCCecn5p1hd1HSOt1R1F9HIX8p/NI6rfiv2P4JRXBzFBIXFoK dfA9ENceTWNZGlmxJKH4HVTzmv4s8jdGruPKU94+D8YOpgE4QVt8ZrHyP DR7vITq7/KFdoXvbTFmYVxhMMJZhtARCHZxAS5fx8ywLOkqKwXDoHkLK4 w==;
X-IronPort-AV: E=Sophos;i="5.28,591,1464609600"; d="scan'208";a="103742998"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.112 - Outgoing - Outgoing
Received: from uxchange10-fe1.uoa.auckland.ac.nz ([130.216.4.112]) by mx4-int.auckland.ac.nz with ESMTP/TLS/DHE-RSA-AES256-SHA; 29 Aug 2016 00:16:16 +1200
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.93]) by uxchange10-fe1.UoA.auckland.ac.nz ([130.216.4.112]) with mapi id 14.03.0266.001; Mon, 29 Aug 2016 00:16:16 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Thread-Topic: [TLS] [Cfrg] 3DES diediedie
Thread-Index: AQHR/8MKtrFGWEVZoU+YIDla8GEE7aBcuoQ1//9++oCAAhKmbg==
Date: Sun, 28 Aug 2016 12:16:16 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4D052A9@uxcn10-5.UoA.auckland.ac.nz>
References: <CAHOTMV+r5PVxqnSozYyqJqq_YocMKV06aAa-43t+5Huzh7Lo=A@mail.gmail.com> <F42128A0-9682-4042-8C7E-E3686743B314@cisco.com> <9A043F3CF02CD34C8E74AC1594475C73F4D0473F@uxcn10-5.UoA.auckland.ac.nz>, <3F61CE56-4F24-4B88-889E-344F11AEB4D5@gmail.com>
In-Reply-To: <3F61CE56-4F24-4B88-889E-344F11AEB4D5@gmail.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.6.2.2]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/I4-1F57mr7K7L4VhG4yMcTSBlQI>
Cc: "David McGrew (mcgrew)" <mcgrew@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [Cfrg] [TLS] 3DES diediedie
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2016 12:16:19 -0000
Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> writes: >If every message IoT device sends is a 16 bytes message consisting of one 8 >byte secret and one 8 byte known plaintext, then with a 64-bit cipher, we >only need roughly 64GB in order to get a meaningful collision (50% chance of >recovering the secret). The 768GB value we gave was for recovering cookies >from realistic web browser traffic that could be triggered from JavaScript. Sure, and I picked the 768GB value because it looks especially unrealistic :-). However, for typical SCADA/IoT even a value of 100MB is probably unrealistic in practice, for the combined reasons that the device just isn't interesting to attack, it doesn't send enough data to collect lots of it unless you're prepared to wait a really long time, and, most importantly, there are a thousand easier ways to get in if you really want to. Has anyone every seen a SCADA device that stood up to even the smallest amount of analysis/pen-testing? I've currently got a rather pricey security monitoring box sitting here awaiting investigation, and I can pretty much guarantee I'll find something like unencrypted C&C, calling home to random addresses overseas, unauthenticated firmware updates, and who knows what else, just from simple Pineapple or Ettercap check, let alone any kind of active pen-testing. So I think it's important to distinguish between a cool demo in the lab and something an attacker would actually do. Of all the talks and demos I've seen of people compromising SCADA and IoT devices, precisely zero even looked at the crypto, let alone tried to attack it [0]. So if it's something that no- one bothers attacking because there's always an easier way, it doesn't matter how strong or weak it is. As Ian Grigg recently put it: The problem we have is not how to get stronger crypto in place, it's how to get more crypto in place. Securing something like MQTT would be a good start... Peter. [0] Alongside simply ignoring the fact that crypto may or may not be present, I'm also taking things like "fails to check cert issuers" and "allows unauthenticated remote firmware updates" as "not looking at the crypto".
- Re: [Cfrg] [TLS] 3DES diediedie Viktor Dukhovni
- [Cfrg] 3DES diediedie Tony Arcieri
- Re: [Cfrg] 3DES diediedie Benjamin Kaduk
- Re: [Cfrg] 3DES diediedie Tony Arcieri
- Re: [Cfrg] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie John Mattsson
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
- Re: [Cfrg] [TLS] 3DES diediedie david wong
- Re: [Cfrg] [TLS] 3DES diediedie Eric Rescorla
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
- Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [SSH] [TLS] 3DES diediedie denis bider (Bitvise)
- Re: [Cfrg] 3DES diediedie Geoffrey Keating
- Re: [Cfrg] [SSH] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [SSH] [TLS] 3DES diediedie David Jacobson
- Re: [Cfrg] [TLS] 3DES diediedie Dmitry Belyavsky
- Re: [Cfrg] [TLS] 3DES diediedie Stanislav V. Smyshlyaev
- Re: [Cfrg] [TLS] 3DES diediedie Hanno Böck
- Re: [Cfrg] [TLS] 3DES diediedie Иван Лавриков
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] [TLS] 3DES diediedie Watson Ladd
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] [TLS] 3DES diediedie Karthikeyan Bhargavan
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Hubert Kario
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] 3DES diediedie John Mattsson
- [Cfrg] (confusing the issues) Re: [TLS] 3DES died… Rene Struik
- Re: [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] (confusing the issues) Re: 3DES … Dave Garrett
- Re: [Cfrg] 3DES diediedie Jon Callas
- Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Jon Callas
- Re: [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Rene Struik
- Re: [Cfrg] (confusing the issues) Re: [TLS] 3DES … Greg Rose
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [Cfrg] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] 3DES diediedie Derek Atkins
- Re: [Cfrg] 3DES diediedie Hilarie Orman
- Re: [Cfrg] [TLS] 3DES diediedie Brian Sniffen
- Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
- Re: [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
- Re: [Cfrg] [TLS] 3DES diediedie Richard Hartmann
- Re: [Cfrg] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Hilarie Orman
- Re: [Cfrg] [TLS] 3DES diediedie Ben Laurie
- Re: [Cfrg] [TLS] 3DES diediedie Ben Laurie
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Salz, Rich
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Watson Ladd
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Dave Garrett
- Re: [Cfrg] [TLS] 3DES diediedie Ira McDonald
- Re: [Cfrg] [TLS] 3DES diediedie Philip Levis
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Joachim Strömbergson
- Re: [Cfrg] [TLS] 3DES diediedie Richard Hartmann
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Salz, Rich
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Peter Gutmann
- Re: [Cfrg] [TLS] 3DES diediedie Stephen Farrell
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Derek Atkins
- Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
- Re: [Cfrg] [TLS] 3DES diediedie Tony Arcieri
- Re: [Cfrg] [TLS] 3DES diediedie Ilari Liusvaara
- Re: [Cfrg] [TLS] 3DES diediedie Yoav Nir
- Re: [Cfrg] [TLS] 3DES diediedie Kyle Rose
- Re: [Cfrg] [TLS] 3DES diediedie denis bider (Bitvise)