[gnutls-dev]Re: weak cryptography
Nikos Mavroyanopoulos
nmav at gnutls.org
Fri Jul 12 06:25:02 CEST 2002
On Wed, Jul 10, 2002 at 11:33:04AM -0000, phr-2002 at nightsong.com wrote:
> > A GNU TLS-based web server
> > without weak cryptography support wouldn't be able to communicate
> > securely with these browsers.
> You seem to make an assumption that is not correct. You assume that
> the 40 bit restricted browsers, offer some security.
> Actually they do not offer any security at all.
> I don't agree with this. 40 bit browsers offer some security, enough
> for some applications but not for others.
Having seen this mail and Petr's I see that you've got some point.
I should point out however that enabling the so called export-grade
ciphers, has an impact to the security of all the ciphersuites.
There is a known weakness in the TLS handshake protocol that
in brief, makes all the cipher suites vulnerable to a man in the
middle attack if the export-grade ciphersuites can be broken fast enough
(before the TCP/IP connection expires).
This attack is known to the TLS WG.
> It is trivial to crack 40 bit protected communications by brute
> force.
> It's not trivial and that's easy to prove: if I send you 1000 messages
> encrypted with 32-bit encryption and offer to pay you 0.10 US dollars
> for each message you can read, you might take the trouble to set up a
> few workstations and make an easy 100 USD (it takes about one hour to
> crack each key on a PC, so you'd let your network run for a few days).
> But with 40-bit encryption, it takes weeks to crack each one and you
> probably won't bother. "Too much work to bother", by definition, is
> non-trivial.
I don't agree with these timings, and there is no point in arguing about
this, since the time needed is reduced every year.
> Finally, this discussion has mostly been about 40 bits, but for a
> brief period some exportable browsers and servers supported 56 bit
> ciphers. I don't know if GNUTLS considers those "weak". In practice,
> they are breakable, but only with great difficulty, requiring special
> hardware and/or very large distributed PC networks.
Well the special hardware can be easily accessed. Consider the cards
that are supposed to offer TLS in hardware.
Anyway, I'll think about this.
--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
More information about the Gnutls-devel
mailing list