Re: [hybi] AES-128-CTR not much safer, but not fast either
Willy Tarreau <w@1wt.eu> Mon, 10 January 2011 06:34 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 67B293A6A64 for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:34:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.081
X-Spam-Level:
X-Spam-Status: No, score=-2.081 tagged_above=-999 required=5 tests=[AWL=-0.038, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GZrJzsyy44jo for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:34:38 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id DDECD3A6A5D for <hybi@ietf.org>; Sun, 9 Jan 2011 22:34:36 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p0A6akSH011612; Mon, 10 Jan 2011 07:36:46 +0100
Date: Mon, 10 Jan 2011 07:36:46 +0100
From: Willy Tarreau <w@1wt.eu>
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
Message-ID: <20110110063646.GJ5743@1wt.eu>
References: <20110110000908.GD5743@1wt.eu> <8B0A9FCBB9832F43971E38010638454F03F5258EEC@SISPE7MB1.commscope.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <8B0A9FCBB9832F43971E38010638454F03F5258EEC@SISPE7MB1.commscope.com>
User-Agent: Mutt/1.4.2.3i
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] AES-128-CTR not much safer, but not fast either
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jan 2011 06:34:39 -0000
On Mon, Jan 10, 2011 at 10:21:16AM +0800, Thomson, Martin wrote: > On 2011-01-10 at 11:09:08, Willy Tarreau wrote: > > willy@pcw:~/c$ time ./aes-128-ctr-get > > Found the 'GET\n' pattern on the wire after 1608425803 bytes > > You might also find the collected works of Shakespeare in the byte stream had you waited a little longer. I know, that's just a matter of defining "a little longer", as none of us will live long enough for that. > I'm not sure what you are hoping to prove by searching. What I'm just showing is that we have the following points : 1) it was reported by an experiment that some caching intermediaries were waiting for an HTTP request after the HTTP handshake was over 2) it was speculated that some lazy intermediaries might possibly skip over whatever they did not understand to resync on an HTTP request they understand and execute it, hence the need for masking the stream or payload. Please note that no such intermediary has even been remotely detected, and that several people here who have already been involved with server code expressed that making them capable of doing so would be much more difficult than doing the right thing and would not even respect the principle of laziness. 3) it has been suggested that a simple 32-bit XOR was not enough and that stronger cryptography was needed, because after a certain number of attempts, the server might get the client to send a request that such an intermediary can parse. 4) it was reported that at least one intermediary (Apache) accepts an HTTP/0.9 request as simple as "GET\n". 5) it was shown that whatever algorithm we used to address the third point was not enough to cover the second point for the supposedly lazy intermediaries from #2 acting like Apache. So now, we have a choice : - either we agree that #2 above is not that much of a risk such that we don't need #3 to address it ; - or we agree that #2 is still much of a concern, but as #4 is real, then #3 is not a valid solution, as was proven with #5, and we must use another one. But right now we're just complicating the protocol and removing some possibilities of later extensions without addressing the reason why we did that in the first place. Thanks, Willy
- Re: [hybi] AES-128-CTR not much safer, but not fa… Thomson, Martin
- [hybi] AES-128-CTR not much safer, but not fast e… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Scott Ferguson
- Re: [hybi] AES-128-CTR not much safer, but not fa… Bruce Atherton
- Re: [hybi] AES-128-CTR not much safer, but not fa… Yuta Kitamura
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Cedric Vivier