Re: [TLS] Static DH timing attack

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 10 September 2020 09:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4PBXSCqCGYscivb-L8EXqDErj3I>

Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> writes:

>Do we need a short RFC saying “do not use static DH” ?

There are two things arguing against it:

Reason the first: Static-ephemeral DH was a dumb idea when it was proposed in
X9.42 more than twenty years ago and hasn't gotten any better since then.  If
people haven't learned from twenty years of papers and attacks then yet
another publication telling them about it probably won't make any difference.

Reason the second: Telling people not to use static-ephemeral DH will mean
telling them not to use 25519 key exchange, which will make their heads
asplode.

Peter.