[TLS] Dr-Ing. thesis on attacking SSL

Watson Ladd <watsonbladd@gmail.com> Thu, 17 April 2014 05:42 UTC

Date: Wed, 16 Apr 2014 22:41:55 -0700
Message-ID: <CACsn0ckDB4mUU7dZNE1NdjasDt8QEzR3GuhspAD25qO6StxPtw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/1yGMGfFbsCt4plQMfdClxvfyqhY

Dear all,

I would highly suggest reading the following.
http://www-brs.ub.ruhr-uni-bochum.de/netahtml/HSS/Diss/MeyerChristopher/diss.pdf
Some of these attacks are new, some are old. A patch has been released
to Java for some of these issues, but other implementations should go
through and check.

Of particular interest is the advanced fingerprinting capability
displayed, due to variant behavior between crypto stacks. In addition,
weaknesses in random number generation go beyond Dual_EC. Furthermore,
the Million Message Attack continues to be useful. From my brief
glance through, it looks like this is about it.

Sincerely,
Watson Ladd