----- Forwarded message from Phillip Hallam-Baker <hallam@gmail.com> -----

Date: Sun, 8 Sep 2013 13:53:49 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Subject: [Cryptography] Points of compromise

I was asked to provide a list of potential points of compromise by a concerned party. I list the following so far as possible/likely:

1) Certificate Authorities

Traditionally the major concern (perhaps to the point of distraction from other more serious ones). Main caveat: CA compromises leave permanent visible traces, as recent experience shows, and there are many eyes looking. Even if Google was compromised I can't believe Ben Laurie and Adam Langley are proposing CT in bad faith.

2) Covert channel in cryptographic accelerator hardware.

It is possible that cryptographic accelerators have covert channels leaking the private key through TLS (packet alignment, field ordering, timing, etc.) or in key generation (kleptography of the RSA modulus a la Moti Yung).

3) Cryptanalytic attack on one or more symmetric algorithms.

I can well believe that RC4 is bust and that there is enough RC4 activity going on to make cryptanalysis worthwhile. The idea that AES is compromised seems much less likely to me.

4) Protocol vulnerability introduced intentionally through IETF

I find this rather unlikely to be a direct action since there are few places where the spec could be changed to advantage an attacker, only the editors would have the control necessary to introduce text, and there are many eyes.

5) Protocol vulnerability that IETF might have fixed but was discouraged from fixing.

Oh, more times than I can count. And I would not discount the possibility that there would be strategies based on exploiting the natural suspicion surrounding security matters. It would have been easy for a faction to derail DNSSEC by feeding the WG chair's existing hostility to CAs, telling him to stand firm.

One concern here is that this will fuel the attempt to bring IETF under control of the ITU and Russia, China, etc.

--
Website: http://hallambaker.com/

----- End forwarded message -----