Re: [saag] A case against algorithm agility (long)
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Mon, 05 May 2014 17:32 UTC
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: ianG <iang@iang.org>, Nico Williams <nico@cryptonector.com>
Date: Mon, 5 May 2014 17:32:41 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/PC2EtqtR59DF7ANkyQf1yHWNxWM
Cc: "saag@ietf.org" <saag@ietf.org>

On 05/05/2014 18:26, "ianG" <iang@iang.org> wrote:

>> Nonsense. The CBC IV chaining bugs were exploited against SSHv2. We
>> were very glad back then to have deployed AES in counter mode as that
>> saved our butts.
>
>Any reference to that?

How about these:

http://www.kb.cert.org/vuls/id/958563

http://www.openssh.com/txt/cbc.adv

and

http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf

(for details of the attack).

Cheers,

Kenny