Re: [jose] backwards compatibility attack on JWT impls (was: I-D Action: draft-ietf-jose-json-web-algorithms-02.txt)

"Manger, James H" <James.H.Manger@team.telstra.com> Tue, 26 March 2013 22:32 UTC

From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>, Juraj Somorovsky <juraj.somorovsky@rub.de>
Date: Wed, 27 Mar 2013 09:32:19 +1100
Cc: IETF JOSE WG <jose@ietf.org>

> I read the paper James suggested, and it advocates achieving constant
> time to solve timing attacks. How about doing the opposite, injecting
> random duration no-ops in the decryption code?

That doesn't solve the problem. It makes an attacker's job harder, but by making more requests and applying statistics the attacker can remove the effect of the random-duration no-ops. And it slows your code down.

--
James Manger


>> Take a look at http://www.imperialviolet.org/2013/02/04/luckythirteen.html for some idea about the care required to actually resist timing attacks.

>> The Go language appears to have code with decent protections to avoid leaking crucial timing details: http://golang.org/src/pkg/crypto/rsa/pkcs1v15.go.
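The argument above, that more requests plus averaging strip random no-op padding from a timing signal while a constant-time comparison leaves nothing to average, as an added simulation that is not part of this thread or of any library mentioned in it. The cost model (one time unit per matching leading byte, uniform jitter of up to 200 units per request), the function names and the sample values are all constructed assumptions.

```go
package main

import (
	"crypto/subtle"
	"math/rand"
)

// Constructed cost model, not a measurement of any real library: an early-exit
// byte comparison costs one time unit per leading byte that matches, and the
// proposed "random no-op" mitigation adds a uniform delay in [0, maxJitter).
const (
	perByteCost = 1.0
	maxJitter   = 200.0 // every single sample is dominated by the jitter
)

// matchingPrefix is what an early-exit comparison reveals through its running
// time: how many leading bytes of the guess are right.
func matchingPrefix(secret, guess []byte) int {
	n := 0
	for n < len(secret) && n < len(guess) && secret[n] == guess[n] {
		n++
	}
	return n
}

// Observe models one timed request against the early-exit comparison, or
// against a constant-time one (crypto/subtle) whose cost is fixed at the full
// length; both get the random no-op delay on top.
func Observe(rng *rand.Rand, secret, guess []byte, constantTime bool) float64 {
	if constantTime {
		subtle.ConstantTimeCompare(secret, guess) // verdict unused; cost is fixed
		return perByteCost*float64(len(secret)) + rng.Float64()*maxJitter
	}
	return perByteCost*float64(matchingPrefix(secret, guess)) + rng.Float64()*maxJitter
}

// EstimatedLeak averages the timing difference between guesses a and b over n
// requests each. The jitter has the same mean for both guesses and its standard
// error shrinks as 1/sqrt(n), so enough requests recover the per-byte cost.
func EstimatedLeak(seed int64, secret, a, b []byte, n int, constantTime bool) float64 {
	rng := rand.New(rand.NewSource(seed)) // seeded so runs are reproducible
	diff := 0.0
	for i := 0; i < n; i++ {
		diff += Observe(rng, secret, a, constantTime) - Observe(rng, secret, b, constantTime)
	}
	return diff / float64(n)
}
```

With a guess that has 8 leading bytes right against one with none, a single observation is noise of up to 200 units either way, but the average over 100000 requests lands within a fraction of a unit of the true 8-unit leak, while the constant-time model averages to zero.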