[Cryptography] Points of compromise

Eugen Leitl eugen@leitl.org
Sun Sep 8 23:15:29 PDT 2013


----- Forwarded message from Phillip Hallam-Baker <hallam@gmail.com> -----

Date: Sun, 8 Sep 2013 13:53:49 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Subject: [Cryptography] Points of compromise

I was asked to provide a list of potential points of compromise by a
concerned party. I list the following so far as possible/likely:


1) Certificate Authorities

Traditionally the major concern (perhaps to the point of distraction from
other more serious ones). Main caveat, CA compromises leave permanent
visible traces as recent experience shows and there are many eyes looking.
Even if Google was compromised I can't believe Ben Laurie and Adam Langley
are proposing CT in bad faith.


2) Covert channel in cryptographic accelerator hardware.

It is possible that cryptographic accelerators have covert channels leaking
the private key through TLS (packet alignment, field ordering, timing,
etc.) or in key generation (kleptography of the RSA modulus a la Moti
Yung).


3) Cryptanalytic attack on one or more symmetric algorithms.

I can well believe that RC4 is bust and that there is enough RC4 activity
going on to make cryptanalysis worthwhile. The idea that AES is
compromised seems much less likely to me.


4) Protocol vulnerability introduced intentionally through IETF

I find this rather unlikely to be a direct action since there are few
places where the spec could be changed to advantage an attacker and only
the editors would have the control necessary to introduce text and there
are many eyes.


5) Protocol vulnerability that IETF might have fixed but was discouraged
from fixing.

Oh, more times than I can count. And I would not discount the possibility
that there would be strategies based on exploiting the natural suspicion
surrounding security matters. It would have been easy for a faction to
derail DNSSEC by feeding the WG chair's existing hostility to CAs, telling
him to stand firm.


One concern here is that this will fuel the attempt to bring IETF under
control of the ITU and Russia, China, etc.


-- 
Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
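Added illustration (not part of either message above, and not code from Hallam-Baker or the list): point 2 alludes to kleptography of the RSA modulus in the sense of Young and Yung's SETUP attacks. The construction below shows the core idea in pure Python with toy parameters: the key generator encrypts the prime p under a hypothetical attacker public key and plants that ciphertext in the upper half of the modulus n, so the published public key itself is the covert channel. Anyone with the attacker's private key recovers p from n alone; everyone else sees a perfectly functional RSA key. Assumptions: 512-bit victim modulus, 256-bit attacker modulus, e = 65537, Miller-Rabin primality testing and a seeded RNG so the run is reproducible (a real implementation would use a CSPRNG and full-size keys).

```python
import random

E = 65537  # public exponent for both the victim key and the attacker key (assumption)


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin with trial division by small primes first."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random odd prime with the top bit set and (p-1) coprime to E."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if (cand - 1) % E != 0 and is_probable_prime(cand, rng):
            return cand


def attacker_keypair(bits, rng):
    """The hypothetical attacker's own RSA key, whose modulus must fit in half of n."""
    p_a, q_a = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
    n_a = p_a * q_a
    d_a = pow(E, -1, (p_a - 1) * (q_a - 1))
    return n_a, E, d_a


def backdoored_keygen(half_bits, attacker_pub, rng):
    """SETUP-style RSA key generation: the top half of n hides Enc_attacker(p)."""
    n_a, e_a = attacker_pub
    assert n_a.bit_length() <= half_bits
    p = random_prime(half_bits, rng)
    c = pow(p, e_a, n_a)  # ciphertext of p; fits in half_bits by construction
    while True:
        # Force the upper half of the target modulus to c, randomize the lower half,
        # and solve for q. Retry with fresh low bits until q happens to be prime.
        n_target = (c << half_bits) | rng.getrandbits(half_bits)
        q = n_target // p
        if q != p and (q - 1) % E != 0 and is_probable_prime(q, rng):
            break
    # n = p*q = n_target - (n_target mod p), which is less than 2**half_bits below
    # n_target, so n >> half_bits is either c or c-1.
    return p * q, E, p, q


def recover_factor(n, half_bits, attacker_priv):
    """Attacker side: read the upper half of n, decrypt, and check divisibility."""
    n_a, d_a = attacker_priv
    hi = n >> half_bits
    for cand in (hi, hi + 1):  # hi+1 covers the borrow case where n >> half_bits == c-1
        if cand >= n_a:
            continue
        p = pow(cand, d_a, n_a)
        if 1 < p < n and n % p == 0:
            return p
    return None


def demo(seed=2013):
    """Run the whole attack with deterministic (constructed) randomness."""
    rng = random.Random(seed)  # demonstration only; never seed a real key generator like this
    half = 256
    n_a, e_a, d_a = attacker_keypair(half, rng)
    n, e, p, q = backdoored_keygen(half, (n_a, e_a), rng)
    # The victim key works exactly like an honest one: encrypt/decrypt round-trips.
    d = pow(e, -1, (p - 1) * (q - 1))
    m = 0xC0FFEE
    roundtrip_ok = pow(pow(m, e, n), d, n) == m
    recovered = recover_factor(n, half, (n_a, d_a))
    return {"modulus_bits": n.bit_length(), "roundtrip_ok": roundtrip_ok,
            "recovered": recovered == p}


if __name__ == "__main__":
    print(demo())
```

The point for the list's discussion: nothing about n betrays the planting unless you already hold the attacker's private key, and an accelerator or HSM that generated keys this way would pass every functional test. Detection therefore has to come from somewhere other than inspecting the output, such as generating the primes outside the suspect hardware, or auditing the generator's code and randomness source. The real Young-Yung construction uses full-size parameters and also hides the embedding statistically; the toy sizes here only keep the pure-Python run to well under a second.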



More information about the cypherpunks mailing list