Re: [Cfrg] Security proofs v DH backdoors
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 01 November 2016 00:50 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Tony Arcieri <bascule@gmail.com>
Date: Tue, 01 Nov 2016 00:50:17 +0000
Message-ID: <1477961415238.78465@cs.auckland.ac.nz>
References: <20161025131014.5709905.2866.6563@blackberry.com> <20161025133016.GA9081@LK-Perkele-V2.elisa-laajakaista.fi> <1477456366629.49872@cs.auckland.ac.nz> <44595.1477524032@eng-mail01.juniper.net> <20161027103214.5709905.11728.6650@blackberry.com> <20161027125120.4d260334@pc1> <1477647359860.49982@cs.auckland.ac.nz> <CAHOTMVJprJ0HAXLcvdzeSW8N99L-_43Gh7vEqL4Z=T541TVnSQ@mail.gmail.com> <1477907089090.8356@cs.auckland.ac.nz>, <CAHOTMVLJup1kzRWiargq-jh8wb+oynSTVZ8HAEQCb4ysk9ozfA@mail.gmail.com>
In-Reply-To: <CAHOTMVLJup1kzRWiargq-jh8wb+oynSTVZ8HAEQCb4ysk9ozfA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/cHErFkriPn8IFtgrP639oN1xq-w>
Cc: CFRG <cfrg@irtf.org>
Subject: Re: [Cfrg] Security proofs v DH backdoors
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Tony Arcieri <bascule@gmail.com> writes:

>I don't know about "millions" (it's hard to say without stats on internal TLS
>deployments which aren't visible from the Internet), but Logjam was pretty
>pervasive, and also one of the forcing factors for the PCI council to mandate
>TLS 1.1 at a minimum by 2018.

Logjam wasn't really a DH weakness though, it was a "dear God, we're still
using 512-bit keys in 2015?!?!?!?" weakness. Also, TLS 1.1 won't fix that, you
can use toy keys with any version of the protocol (there's a somewhat resigned
explanatory comment in -LTS next to a SHOULD NOT that says that it shouldn't be
necessary to have an explicit SHOULD NOT for something that was known to be
broken 20 years ago, but that it's necessary because people will continue to
use it otherwise).

Having said that, using Logjam as an excuse to mandate 1.1 was pretty crafty
:-).

Peter.
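The point above, that no TLS version constrains the size of the DH group a server sends, means the client has to enforce a minimum itself. The following is an added example, not code from this thread, from TLS-LTS or from any CFRG participant: it parses the ServerDHParams structure of a TLS 1.2 ServerKeyExchange (the three length-prefixed opaque fields dh_p, dh_g, dh_Ys from RFC 5246) and rejects groups below a policy threshold, plus the obvious range checks on g and Ys. The 2048-bit threshold is an assumed local policy, and the two sample groups are constructed for the demonstration (odd numbers of the right size, not real primes or captured handshakes), since only the size and range checks are being exercised.

```python
"""Client-side vetting of TLS ServerDHParams.

Added example, not part of the mailing-list message. Assumed policy: reject
any finite-field DH group smaller than MIN_DH_BITS regardless of the
negotiated protocol version.
"""
import struct

MIN_DH_BITS = 2048  # assumed policy threshold; Logjam targeted 512-bit export groups


def parse_server_dh_params(data: bytes):
    """Parse ServerDHParams (RFC 5246, section 7.4.3):

        opaque dh_p<1..2^16-1>;
        opaque dh_g<1..2^16-1>;
        opaque dh_Ys<1..2^16-1>;

    Returns (p, g, Ys, bytes_consumed). Raises ValueError on truncation or
    zero-length fields, which the wire format forbids.
    """
    values = []
    offset = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(data):
            raise ValueError(f"truncated length prefix for {name}")
        (length,) = struct.unpack_from("!H", data, offset)
        offset += 2
        if length == 0 or offset + length > len(data):
            raise ValueError(f"bad length {length} for {name}")
        values.append(int.from_bytes(data[offset:offset + length], "big"))
        offset += length
    p, g, ys = values
    return p, g, ys, offset


def check_dh_params(p: int, g: int, ys: int, min_bits: int = MIN_DH_BITS):
    """Return (ok, reason). The size check is the one the thread is about;
    the range checks catch degenerate generators and public values."""
    if p.bit_length() < min_bits:
        return False, f"dh_p is {p.bit_length()} bits, below minimum {min_bits}"
    if p % 2 == 0:
        return False, "dh_p is even, cannot be prime"
    if not 2 <= g <= p - 2:
        return False, "dh_g out of range"
    if not 2 <= ys <= p - 2:
        return False, "dh_Ys out of range"
    return True, "ok"


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Inverse of parse_server_dh_params, used here to build sample input."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def vet_server_key_exchange(data: bytes, min_bits: int = MIN_DH_BITS):
    """Parse and check a ServerDHParams blob; returns (ok, reason)."""
    p, g, ys, _ = parse_server_dh_params(data)
    return check_dh_params(p, g, ys, min_bits)


# Constructed sample groups (not captured traffic): odd moduli of exactly
# 512 and 2048 bits, generator 2, and an arbitrary in-range public value.
EXPORT_GRADE = encode_server_dh_params((1 << 511) | 1, 2, 12345)
STRONG_SIZE = encode_server_dh_params((1 << 2047) | 1, 2, 12345)

if __name__ == "__main__":
    for label, blob in (("512-bit group", EXPORT_GRADE), ("2048-bit group", STRONG_SIZE)):
        ok, reason = vet_server_key_exchange(blob)
        print(f"{label}: {'accept' if ok else 'reject'} ({reason})")
```

The check runs before any modular exponentiation, so a client never spends effort on, or leaks a key share into, a group it would not trust anyway; the same threshold applies whether the connection negotiated TLS 1.0 or 1.2.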