Re: [TLS] [Cfrg] 3DES diediedie
Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> Sat, 27 August 2016 16:36 UTC
Return-Path: <karthik.bhargavan@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36C8F12B008 for <tls@ietfa.amsl.com>; Sat, 27 Aug 2016 09:36:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oMP0PKV3ChcV for <tls@ietfa.amsl.com>; Sat, 27 Aug 2016 09:36:02 -0700 (PDT)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A84512B014 for <tls@ietf.org>; Sat, 27 Aug 2016 09:36:02 -0700 (PDT)
Received: by mail-qk0-x235.google.com with SMTP id z190so103926822qkc.0 for <tls@ietf.org>; Sat, 27 Aug 2016 09:36:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=gNoMXmKYkIczqbrXF3X8I4spaZqofIFOgM/GsJ91eyU=; b=fXJhGT7pm9AS89n6pOjML7KZLivUCbRftLJTxpv2+pibpc5VwR+cTWOE/MdjkQYNV1 HeHIrof/AASRbmTaBDxdhd4mE4TI2JXLSgpfD44/y4VPqPP5iUTfK2GY5QVQBKDDm3br YnEdSUgpCujKsgrVbMFqAryFukFkN8tIZIgQrAUaE7oYTkhsISmm+a+9Nuq7HoTYrWCt wZJNAjT8yMJPTkHbeCbAAFuIia8Lm0Z1MBwvd0H8DVTuqDOc72HaSZwEJ/p5uTVB1BZE /tL3Wf0PaSz0oA2Zzhc8BliEeL3LfILt+Cjd+7z71BH6hEUEK6ngQW54+85EAsvFPfq+ jO/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=gNoMXmKYkIczqbrXF3X8I4spaZqofIFOgM/GsJ91eyU=; b=MTi/MrZ6HlkPJV/OTNAd7JV+HENVHHyqaxW83hCbnSWri1kMNkTNNA27xrh8Tv1DSd weOHBmqZ+7WzeK3REVPKpf+0bdwbeXvc8Md3P8CwO6AzjdRevxDIXAGTAKcf9PKzdVUZ 9SDWfqOtmZ36rOq+rKhWqoO18zWNPiTC8ijOCWxLBcnUEckwztIfrjfx10IZuEepB25p 6h+nabgRQnVj3ZlsYMvOvfWDKxUSxyRCLbLAu4iKhU2h3ugREsFDJUxdPbXo+4PC78vp 57U3jKWZa+hLW22e1TS+L4i5n6kbDViHud8G4ZcCQ+hCyi/jAqXcxat12Vf/IJb2Kt1d FTeQ==
X-Gm-Message-State: AE9vXwNPPb+/OvPBRdvbGqHL9frLuWa7jzvTXdmPpAqm65IsptuThynZEGOcGBilpwuCzg==
X-Received: by 10.55.82.8 with SMTP id g8mr8768615qkb.33.1472315761549; Sat, 27 Aug 2016 09:36:01 -0700 (PDT)
Received: from [192.168.0.100] ([71.181.71.184]) by smtp.gmail.com with ESMTPSA id y36sm13399423qtc.46.2016.08.27.09.35.59 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 27 Aug 2016 09:36:00 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4D0473F@uxcn10-5.UoA.auckland.ac.nz>
Date: Sat, 27 Aug 2016 12:35:59 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3F61CE56-4F24-4B88-889E-344F11AEB4D5@gmail.com>
References: <CAHOTMV+r5PVxqnSozYyqJqq_YocMKV06aAa-43t+5Huzh7Lo=A@mail.gmail.com> <F42128A0-9682-4042-8C7E-E3686743B314@cisco.com> <9A043F3CF02CD34C8E74AC1594475C73F4D0473F@uxcn10-5.UoA.auckland.ac.nz>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tI2KTL1yzsawQOmhChKiUC48u8U>
Cc: "David McGrew (mcgrew)" <mcgrew@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] [Cfrg] 3DES diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Aug 2016 16:36:04 -0000
> Looking at it from the other side, your typical IoT device will be sending, > for example, a 12-byte message every 15 minutes, meaning it'll take, if my > calculations are right, just under two million years to collect the 785GB of > data required to perform the attack. I agree that it would be wise to evaluate each deployment scenario to decide which vulnerabilities have higher priority. But just a brief comment. If every message IoT device sends is a 16 bytes message consisting of one 8 byte secret and one 8 byte known plaintext, then with a 64-bit cipher, we only need roughly 64GB in order to get a meaningful collision (50% chance of recovering the secret). The 768GB value we gave was for recovering cookies from realistic web browser traffic that could be triggered from JavaScript. It is true that in other TLS use cases (such as IoT) some attacks may no longer be relevant, but unless we are careful some HTTPS attacks may even be worse in these scenarios. Best regards, Karthik > > So you've got something where the devices aren't vulnerable to the problem > (and nor, in any practical case, is anything else), for which the devs > involved won't even know that any guidance on the situation exists, and for > which, if anyone really wants to attack them, they can use any of the dozens > of insecure-by-design holes that are present in the device to own the whole > thing, at which point what you do with your crypto becomes meaningless. > > So what you're proposing is essentially a non-solution to a non-problem... > still, if you feel like writing the memo for it, don't let me stand in your > way. > > Peter. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Benjamin Kaduk
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Viktor Dukhovni
- Re: [TLS] 3DES diediedie Peter Gutmann
- Re: [TLS] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie John Mattsson
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] [Cfrg] 3DES diediedie david wong
- Re: [TLS] [Cfrg] 3DES diediedie Eric Rescorla
- Re: [TLS] [Cfrg] 3DES diediedie Ira McDonald
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] 3DES diediedie Geoffrey Keating
- Re: [TLS] 3DES diediedie Dmitry Belyavsky
- Re: [TLS] [Cfrg] 3DES diediedie Stanislav V. Smyshlyaev
- Re: [TLS] 3DES diediedie Hanno Böck
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Watson Ladd
- Re: [TLS] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Karthikeyan Bhargavan
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Stephen Farrell
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Hubert Kario
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie John Mattsson
- [TLS] (confusing the issues) Re: [Cfrg] 3DES died… Rene Struik
- Re: [TLS] [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [TLS] (confusing the issues) Re: [Cfrg] 3DES … Dave Garrett
- Re: [TLS] [Cfrg] 3DES diediedie Jon Callas
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Jon Callas
- Re: [TLS] [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Rene Struik
- Re: [TLS] [Cfrg] (confusing the issues) Re: 3DES … Greg Rose
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie David McGrew (mcgrew)
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Brian Sniffen
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Steven M. Bellovin
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose
- Re: [TLS] 3DES diediedie Richard Hartmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Hilarie Orman
- Re: [TLS] [Cfrg] 3DES diediedie Ben Laurie
- Re: [TLS] [Cfrg] 3DES diediedie Ben Laurie
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Dave Garrett
- Re: [TLS] [Cfrg] 3DES diediedie Ira McDonald
- Re: [TLS] [Cfrg] 3DES diediedie Philip Levis
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Joachim Strömbergson
- Re: [TLS] [Cfrg] 3DES diediedie Ilari Liusvaara
- Re: [TLS] [Cfrg] 3DES diediedie Richard Hartmann
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Salz, Rich
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Peter Gutmann
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Derek Atkins
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose
- Re: [TLS] [Cfrg] 3DES diediedie Tony Arcieri
- Re: [TLS] [Cfrg] 3DES diediedie Yoav Nir
- Re: [TLS] [Cfrg] 3DES diediedie Kyle Rose