IETF Logo Mail Archive

Re: [hybi] AES-128-CTR not much safer, but not fast either

Adam Barth <ietf@adambarth.com> Mon, 10 January 2011 06:42 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 373063A6A5C for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:42:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.891
X-Spam-Level:
X-Spam-Status: No, score=-3.891 tagged_above=-999 required=5 tests=[AWL=-0.914, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0pfwhRx3maD2 for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:42:39 -0800 (PST)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id AD2CB3A6934 for <hybi@ietf.org>; Sun, 9 Jan 2011 22:42:39 -0800 (PST)
Received: by gyd12 with SMTP id 12so8150196gyd.31 for <hybi@ietf.org>; Sun, 09 Jan 2011 22:44:52 -0800 (PST)
Received: by 10.236.109.12 with SMTP id r12mr11979682yhg.32.1294641892351; Sun, 09 Jan 2011 22:44:52 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by mx.google.com with ESMTPS id i60sm16995307yhj.17.2011.01.09.22.44.50 (version=SSLv3 cipher=RC4-MD5); Sun, 09 Jan 2011 22:44:51 -0800 (PST)
Received: by iyi42 with SMTP id 42so19087511iyi.31 for <hybi@ietf.org>; Sun, 09 Jan 2011 22:44:50 -0800 (PST)
Received: by 10.231.19.138 with SMTP id a10mr12132078ibb.127.1294641889990; Sun, 09 Jan 2011 22:44:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.11.140 with HTTP; Sun, 9 Jan 2011 22:44:19 -0800 (PST)
In-Reply-To: <20110110063646.GJ5743@1wt.eu>
References: <20110110000908.GD5743@1wt.eu> <8B0A9FCBB9832F43971E38010638454F03F5258EEC@SISPE7MB1.commscope.com> <20110110063646.GJ5743@1wt.eu>
From: Adam Barth <ietf@adambarth.com>
Date: Sun, 09 Jan 2011 22:44:19 -0800
Message-ID: <AANLkTintz6hWL1ez0-FnPaZmi1jfBhtZ+NMd60dM=Y=D@mail.gmail.com>
To: Willy Tarreau <w@1wt.eu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Hybi <hybi@ietf.org>, "Thomson, Martin" <Martin.Thomson@andrew.com>
Subject: Re: [hybi] AES-128-CTR not much safer, but not fast either
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jan 2011 06:42:44 -0000

Or we could just use AES-128-CTR like everyone else in the known
universe and not worry about whether we've shaved exactly the right
number of hairs off our home-brew pseudo crypto.

Adam


On Sun, Jan 9, 2011 at 10:36 PM, Willy Tarreau <w@1wt.eu> wrote:
> On Mon, Jan 10, 2011 at 10:21:16AM +0800, Thomson, Martin wrote:
>> On 2011-01-10 at 11:09:08, Willy Tarreau wrote:
>> > willy@pcw:~/c$ time ./aes-128-ctr-get
>> > Found the 'GET\n' pattern on the wire after 1608425803 bytes
>>
>> You might also find the collected works of Shakespeare in the byte stream had you waited a little longer.
>
> I know, that's just a matter of defining "a little longer", as none of us
> will live long enough for that.
>
>>  I'm not sure what you are hoping to prove by searching.
>
> What I'm just showing is that we have the following points :
>  1) it was reported by an experiment that some caching intermediaries
>     were waiting for an HTTP request after the HTTP handshake was over
>
>  2) it was speculated that some lazy intermediaries might possibly skip
>     over whatever they did not understand to resync on an HTTP request
>     they understand and execute it, hence the need for masking the
>     stream or payload. Please note that no such intermediary has even
>     been remotely detected, and that several people here who have
>     already been involved with server code expressed that making them
>     capable of doing so would be much more difficult than doing the
>     right thing and would not even respect the principle of laziness.
>
>  3) it has been suggested that a simple 32-bit XOR was not enough and
>     that stronger cryptography was needed, because after a certain
>     number of attempts, the server might get the client to send a
>     request that such an intermediary can parse.
>
>  4) it was reported that at least one intermediary (Apache) accepts
>     an HTTP/0.9 request as simple as "GET\n".
>
>  5) it was shown that whatever algorithm we used to address the third
>     point was not enough to cover the second point for the supposedly
>     lazy intermediaries from #2 acting like Apache.
>
> So now, we have a choice :
>  - either we agree that #2 above is not that much of a risk such that
>    we don't need #3 to address it ;
>
>  - or we agree that #2 is still much of a concern, but as #4 is real,
>    then #3 is not a valid solution, as was proven with #5, and we
>    must use another one.
>
> But right now we're just complicating the protocol and removing some
> possibilities of later extensions without addressing the reason why
> we did that in the first place.
>
> Thanks,
> Willy
>
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>

v2.23.0 | Report a Bug | By Email