Re: [hybi] AES-128-CTR not much safer, but not fast either
Willy Tarreau <w@1wt.eu> Mon, 10 January 2011 06:34 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 67B293A6A64 for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:34:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.081
X-Spam-Level:
X-Spam-Status: No, score=-2.081 tagged_above=-999 required=5 tests=[AWL=-0.038, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GZrJzsyy44jo for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 22:34:38 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id DDECD3A6A5D for <hybi@ietf.org>; Sun, 9 Jan 2011 22:34:36 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p0A6akSH011612; Mon, 10 Jan 2011 07:36:46 +0100
Date: Mon, 10 Jan 2011 07:36:46 +0100
From: Willy Tarreau <w@1wt.eu>
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
Message-ID: <20110110063646.GJ5743@1wt.eu>
References: <20110110000908.GD5743@1wt.eu> <8B0A9FCBB9832F43971E38010638454F03F5258EEC@SISPE7MB1.commscope.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <8B0A9FCBB9832F43971E38010638454F03F5258EEC@SISPE7MB1.commscope.com>
User-Agent: Mutt/1.4.2.3i
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] AES-128-CTR not much safer, but not fast either
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jan 2011 06:34:39 -0000
On Mon, Jan 10, 2011 at 10:21:16AM +0800, Thomson, Martin wrote:
> On 2011-01-10 at 11:09:08, Willy Tarreau wrote:
> > willy@pcw:~/c$ time ./aes-128-ctr-get
> > Found the 'GET\n' pattern on the wire after 1608425803 bytes
>
> You might also find the collected works of Shakespeare in the byte stream had you waited a little longer.
I know, that's just a matter of defining "a little longer", as none of us
will live long enough for that.
> I'm not sure what you are hoping to prove by searching.
What I'm just showing is that we have the following points :
1) it was reported by an experiment that some caching intermediaries
were waiting for an HTTP request after the HTTP handshake was over
2) it was speculated that some lazy intermediaries might possibly skip
over whatever they did not understand to resync on an HTTP request
they understand and execute it, hence the need for masking the
stream or payload. Please note that no such intermediary has even
been remotely detected, and that several people here who have
already been involved with server code expressed that making them
capable of doing so would be much more difficult than doing the
right thing and would not even respect the principle of laziness.
3) it has been suggested that a simple 32-bit XOR was not enough and
that stronger cryptography was needed, because after a certain
number of attempts, the server might get the client to send a
request that such an intermediary can parse.
4) it was reported that at least one intermediary (Apache) accepts
an HTTP/0.9 request as simple as "GET\n".
5) it was shown that whatever algorithm we used to address the third
point was not enough to cover the second point for the supposedly
lazy intermediaries from #2 acting like Apache.
So now, we have a choice :
- either we agree that #2 above is not that much of a risk such that
we don't need #3 to address it ;
- or we agree that #2 is still much of a concern, but as #4 is real,
then #3 is not a valid solution, as was proven with #5, and we
must use another one.
But right now we're just complicating the protocol and removing some
possibilities of later extensions without addressing the reason why
we did that in the first place.
Thanks,
Willy
- Re: [hybi] AES-128-CTR not much safer, but not fa… Thomson, Martin
- [hybi] AES-128-CTR not much safer, but not fast e… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Adam Barth
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Scott Ferguson
- Re: [hybi] AES-128-CTR not much safer, but not fa… Bruce Atherton
- Re: [hybi] AES-128-CTR not much safer, but not fa… Yuta Kitamura
- Re: [hybi] AES-128-CTR not much safer, but not fa… Willy Tarreau
- Re: [hybi] AES-128-CTR not much safer, but not fa… Cedric Vivier