Re: [CFRG] Psychic Signatures

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 21 April 2022 06:25 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Phillip Hallam-Baker <phill@hallambaker.com>, IRTF CFRG <cfrg@irtf.org>
Date: Thu, 21 Apr 2022 06:25:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/qkV7aGifPtGL2e7TY-S3dhXt0m4>

Phillip Hallam-Baker <phill@hallambaker.com> writes:

>So, it would be good if Oracle got the message that they should get with the
>program.

It's not just Oracle, it's scary how many crypto libraries and apps, so code
specifically written for high-security applications, don't check their input;
we have a trail of 0days going back two decades showing how dire this is.  And
it's not just the public stuff; I've found non-public commercial crypto code
that accepts things like all-zero values, discovered via a process as simple
as generating some dummy data during testing and finding that the other side
unexpectedly accepts it as valid.

Perhaps we need a test vector collection of bogus values that can be run past
any crypto library with the implicit guarantee that if the code accepts any of
them, it's broken.  For the common signature algorithms, self-signed certs
with invalid sigs would probably be the best mechanism.

(No, I'm not volunteering to generate said test vectors).

Peter.