Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 23 April 2014 17:48 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: "mrex@sap.com" <mrex@sap.com>, Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 23 Apr 2014 17:48:23 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/bqANBI5jrGAtnM8_V2jT7OpHqds
Cc: "tls@ietf.org" <tls@ietf.org>

On 23/04/2014 14:25, "Martin Rex" <mrex@sap.com> wrote:

>For some usage scenarios, record splitting like
>1+1+1+1+1+1+1+1+1+1+1/(n-11)
>might potentially help somewhat where the RC4 cipher suite can not be
>avoided.

No, this doesn't help, because of the double byte bias attacks. Moreover,
the interesting content (from the attacker's perspective) is rarely in the
first few bytes of the TLS connection. For an analysis of this and other
"countermeasures" to the RC4 attacks, please read the paper at:

http://www.isg.rhul.ac.uk/tls/RC4biases.pdf


especially Section 7.

Cheers

Kenny