Re: [saag] NSA bug in Windows 10
Daniel Van Geest <Daniel.VanGeest@isara.com> Fri, 17 January 2020 13:36 UTC
From: Daniel Van Geest <Daniel.VanGeest@isara.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Benjamin Kaduk <kaduk@mit.edu>, Dan Brown <danibrown@blackberry.com>
CC: IETF SAAG <saag@ietf.org>
Date: Fri, 17 Jan 2020 13:37:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/z2N9pfPmriGslcSzXBIeAYxQu0s>

The best summary I’ve seen is here:

https://blog.trailofbits.com/2020/01/16/exploiting-the-windows-cryptoapi-vulnerability/

In short, a received root was being compared to the trusted root based only on the public key, but the private key and parameters of the received root were generated from the trusted public key using Vaudenay. Then verification was done using the received root since it was “the same” as the trusted root.

Daniel Van Geest

On 2020-01-17, 6:55 AM, "saag on behalf of Peter Gutmann" <saag-bounces@ietf.org on behalf of pgut001@cs.auckland.ac.nz> wrote:

> Benjamin Kaduk <kaduk@mit.edu> writes:
>
> > I remember reading something that involved [...]
>
> Based on, admittedly, zero reading of stuff around this so far (trying to find some time this weekend), I assume it's of the type covered here:
>
> Digital Signature Schemes with Domain Parameters
> https://lasec.epfl.ch/pub/lasec/doc/Vau04b.pdf
>
> Or at least that's one possible vuln that you get from not checking domain parameters.
>
> Peter.
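
The trust-anchor matching described in the message above, as an added example that is not part of the original message or of any Windows code: a key-only match that then verifies with the received copy, beside a match on public key plus every domain parameter that verifies with the stored copy. The toy curve, the certificate records and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class CurveParams:
    p: int        # field prime
    a: int        # curve coefficient a
    b: int        # curve coefficient b
    g: tuple      # generator (base point)
    n: int        # order of the generator

@dataclass(frozen=True)
class RootCert:
    subject: str
    params: CurveParams
    public_key: tuple

# Constructed sample data: toy curve y^2 = x^3 + 2x + 2 over F_17 (not a real curve).
TOY = CurveParams(p=17, a=2, b=2, g=(5, 1), n=19)
TRUSTED = RootCert("Example Root", TOY, public_key=(0, 6))
# Same public key point as the trusted root, but the sender supplied its own generator.
RECEIVED = RootCert("Example Root", CurveParams(17, 2, 2, (0, 6), 19), (0, 6))

def on_curve(params, pt):
    """Point-on-curve check; it passes for the substituted generator too."""
    x, y = pt
    return (y * y - (x ** 3 + params.a * x + params.b)) % params.p == 0

def flawed_anchor(received, store):
    """Behaviour described in the message: match on public key only,
    then verify with the received copy (and therefore its parameters)."""
    for trusted in store:
        if trusted.public_key == received.public_key:
            return received
    return None

def hardened_anchor(received, store):
    """Match on public key and every domain parameter; verify with the stored copy."""
    for trusted in store:
        if (trusted.public_key == received.public_key
                and trusted.params == received.params):
            return trusted
    return None

def param_mismatches(received, trusted):
    """Names of the domain parameters that differ, for logging a rejected match."""
    return [f.name for f in fields(CurveParams)
            if getattr(received.params, f.name) != getattr(trusted.params, f.name)]
```

The substituted generator passes `on_curve`, so a validity check on the received parameters alone does not replace comparing them against the trusted entry.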