Re: [TLS] Would this fix RC4 again? (was Re: Encrypt-then-MAC again (was Re: padding bug))
Nikos Mavrogiannopoulos <nmav@gnutls.org> Thu, 14 November 2013 09:52 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E73621E81E2 for <tls@ietfa.amsl.com>; Thu, 14 Nov 2013 01:52:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F+xG5RCgiBVg for <tls@ietfa.amsl.com>; Thu, 14 Nov 2013 01:52:14 -0800 (PST)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 844EC21E8175 for <tls@ietf.org>; Thu, 14 Nov 2013 01:52:14 -0800 (PST)
Received: by mail-la0-f47.google.com with SMTP id ep20so1325404lab.6 for <tls@ietf.org>; Thu, 14 Nov 2013 01:52:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=9uY5in2ICez0RAYjUdRmobS/f8IrZADbhtihfE1AsVc=; b=nIaueCD89EP2EZPTCTq2LIjZyVJINEVgMDH42Aj0XFVltfHqSPS9s+Zd8FIBsbKj4j grfQYrLrTL8I7UwaAz7qAzcHzM4YX2gq2L4SbZe8mK8Sp8oHj/eOJi2kaxCCr62lo0IM ERxPGcz4zaSFcysc99zQSm7iPra/hB2/wU464llUOl5hYyJvIZPvgUB4u+bavcslr2MB gc7wPeJOC098JvMzm7RYt96LnVYJutfxf7jZSL0iUWU0cTpWNkqfHcklnK+fEMWKoq0k VnWShEbNrFsHeX+Lzb3ALnOa0szLo7vEQTPxVH9iaGs5kL2ElxUKKhKyTY4i2MMjOeoZ /9BA==
MIME-Version: 1.0
X-Received: by 10.152.4.230 with SMTP id n6mr292950lan.1.1384422733422; Thu, 14 Nov 2013 01:52:13 -0800 (PST)
Sender: n.mavrogiannopoulos@gmail.com
Received: by 10.112.133.196 with HTTP; Thu, 14 Nov 2013 01:52:13 -0800 (PST)
In-Reply-To: <52844E54.8000606@pobox.com>
References: <20131112222944.2B0FD1AA82@ld9781.wdf.sap.corp> <1384400970.2092.7.camel@aspire.lan> <52844E54.8000606@pobox.com>
Date: Thu, 14 Nov 2013 10:52:13 +0100
X-Google-Sender-Auth: -E1R-DOR1Ta3L1bQYDN2jMlsjq0
Message-ID: <CAJU7zaJ6dho55VWAHQcyHhOqwpkDy+VzXUiquLqNZr2YSCM-Sw@mail.gmail.com>
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: Michael D'Errico <mike-list@pobox.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Would this fix RC4 again? (was Re: Encrypt-then-MAC again (was Re: padding bug))
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2013 09:52:15 -0000
On Thu, Nov 14, 2013 at 5:15 AM, Michael D'Errico <mike-list@pobox.com> wrote: >> The above draft does: >> 1. prevent padding oracle attacks >> 2. hide the length of the plaintext >> What you propose there is having the plaintext appear and finish in an >> unpredictable position. That's an interesting approach, not handled by >> the draft above. >> >> In simple terms you're asking for more bells and whistles :) > If I recall correctly from DJB's paper, the problem with RC4 is bias in > the first 256 or so bytes of the key stream. Would it be possible to > "fix" RC4 using this extension? Simply insert a random amount (at > least 256 bytes) of pseudo-random padding at the beginning of the first > record sent using an RC4 cipher suite? Kenny answered on the question. However, even if it would solve it, would it really be worth it to make hacks to save RC4? regards, Nikos
- [TLS] Requesting feedback on TACK draft Trevor Perrin
- Re: [TLS] Requesting feedback on TACK draft Peter Gutmann
- Re: [TLS] Requesting feedback on TACK draft Lewis, Nick
- [TLS] padding bug (was: Re: Requesting feedback o… Peter Saint-Andre
- Re: [TLS] padding bug Dr Stephen Henson
- Re: [TLS] padding bug Dr Stephen Henson
- Re: [TLS] padding bug Nikos Mavrogiannopoulos
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Eric Rescorla
- Re: [TLS] padding bug (was: Re: Requesting feedba… Alfredo Pironti
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Yaron Sheffer
- Re: [TLS] padding bug (was: Re: Requesting feedba… Paterson, Kenny
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Adam Langley
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Dr Stephen Henson
- Re: [TLS] padding bug Nico Williams
- Re: [TLS] padding bug Nikos Mavrogiannopoulos
- Re: [TLS] padding bug Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] padding bug (was: Re: Requesting feedba… Bodo Moeller
- Re: [TLS] padding bug (was: Re: Requesting feedba… Paterson, Kenny
- Re: [TLS] padding bug Brian Smith
- Re: [TLS] padding bug Martin Rex
- [TLS] Encrypt-then-MAC again (was Re: padding bug) Michael D'Errico
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Paterson, Kenny
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Michael D'Errico
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ben Laurie
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Bryan C. Geraghty
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- [TLS] Would this fix RC4 again? (was Re: Encrypt-… Michael D'Errico
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Watson Ladd
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Paterson, Kenny
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Nikos Mavrogiannopoulos
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Jacob Appelbaum
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Alex Elsayed
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Paterson, Kenny
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- [TLS] draft-mavrogiannopoulos-new-tls-padding-00 Martin Rex
- Re: [TLS] draft-mavrogiannopoulos-new-tls-padding… Nikos Mavrogiannopoulos