Re: [hybi] AES-128-CTR not much safer, but not fast either
Adam Barth <ietf@adambarth.com> Mon, 10 January 2011 06:42 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 373063A6A5C for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:42:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.891
X-Spam-Level:
X-Spam-Status: No, score=-3.891 tagged_above=-999 required=5 tests=[AWL=-0.914, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0pfwhRx3maD2 for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:42:39 -0800 (PST)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id AD2CB3A6934 for <hybi@ietf.org>; Sun, 9 Jan 2011 22:42:39 -0800 (PST)
Received: by gyd12 with SMTP id 12so8150196gyd.31 for <hybi@ietf.org>; Sun, 09 Jan 2011 22:44:52 -0800 (PST)
Received: by 10.236.109.12 with SMTP id r12mr11979682yhg.32.1294641892351; Sun, 09 Jan 2011 22:44:52 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by mx.google.com with ESMTPS id i60sm16995307yhj.17.2011.01.09.22.44.50 (version=SSLv3 cipher=RC4-MD5); Sun, 09 Jan 2011 22:44:51 -0800 (PST)
Received: by iyi42 with SMTP id 42so19087511iyi.31 for <hybi@ietf.org>; Sun, 09 Jan 2011 22:44:50 -0800 (PST)
Received: by 10.231.19.138 with SMTP id a10mr12132078ibb.127.1294641889990; Sun, 09 Jan 2011 22:44:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.11.140 with HTTP; Sun, 9 Jan 2011 22:44:19 -0800 (PST)
In-Reply-To: <20110110063646.GJ5743@1wt.eu>
References: <20110110000908.GD5743@1wt.eu> <8B0A9FCBB9832F43971E38010638454F03F5258EEC@SISPE7MB1.commscope.com> <20110110063646.GJ5743@1wt.eu>
From: Adam Barth <ietf@adambarth.com>
Date: Sun, 09 Jan 2011 22:44:19 -0800
Message-ID: <AANLkTintz6hWL1ez0-FnPaZmi1jfBhtZ+NMd60dM=Y=D@mail.gmail.com>
To: Willy Tarreau <w@1wt.eu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Hybi <hybi@ietf.org>, "Thomson, Martin" <Martin.Thomson@andrew.com>
Subject: Re: [hybi] AES-128-CTR not much safer, but not fast either
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jan 2011 06:42:44 -0000
Or we could just use AES-128-CTR like everyone else in the known universe and not worry about whether we've shaved exactly the right number of hairs off our home-brew pseudo crypto. Adam On Sun, Jan 9, 2011 at 10:36 PM, Willy Tarreau <w@1wt.eu> wrote: > On Mon, Jan 10, 2011 at 10:21:16AM +0800, Thomson, Martin wrote: >> On 2011-01-10 at 11:09:08, Willy Tarreau wrote: >> > willy@pcw:~/c$ time ./aes-128-ctr-get >> > Found the 'GET\n' pattern on the wire after 1608425803 bytes >> >> You might also find the collected works of Shakespeare in the byte stream had you waited a little longer. > > I know, that's just a matter of defining "a little longer", as none of us > will live long enough for that. > >> I'm not sure what you are hoping to prove by searching. > > What I'm just showing is that we have the following points : > 1) it was reported by an experiment that some caching intermediaries > were waiting for an HTTP request after the HTTP handshake was over > > 2) it was speculated that some lazy intermediaries might possibly skip > over whatever they did not understand to resync on an HTTP request > they understand and execute it, hence the need for masking the > stream or payload. Please note that no such intermediary has even > been remotely detected, and that several people here who have > already been involved with server code expressed that making them > capable of doing so would be much more difficult than doing the > right thing and would not even respect the principle of laziness. > > 3) it has been suggested that a simple 32-bit XOR was not enough and > that stronger cryptography was needed, because after a certain > number of attempts, the server might get the client to send a > request that such an intermediary can parse. > > 4) it was reported that at least one intermediary (Apache) accepts > an HTTP/0.9 request as simple as "GET\n". > > 5) it was shown that whatever algorithm we used to address the third > point was not enough to cover the second point for the supposedly > lazy intermediaries from #2 acting like Apache. > > So now, we have a choice : > - either we agree that #2 above is not that much of a risk such that > we don't need #3 to address it ; > > - or we agree that #2 is still much of a concern, but as #4 is real, > then #3 is not a valid solution, as was proven with #5, and we > must use another one. > > But right now we're just complicating the protocol and removing some > possibilities of later extensions without addressing the reason why > we did that in the first place. > > Thanks, > Willy > > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi >
- Re: [hybi] AES-128-CTR not much safer, but not fa… Thomson, Martin
- [hybi] AES-128-CTR not much safer, but not fast e… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Scott Ferguson
- Re: [hybi] AES-128-CTR not much safer, but not fa… Bruce Atherton
- Re: [hybi] AES-128-CTR not much safer, but not fa… Yuta Kitamura
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Cedric Vivier