http://arstechnica.com/security/2016/05 ... y-attacks/
Is it possible for a client to protect ourselves against this type of MITM attack, and if so how? (Does NoScript help here?)
Protecting against HTTPS "Forbidden Attack"?
*Always* check the changelogs BEFORE updating that important software!
-
Re: Protecting against HTTPS "Forbidden Attack"?
Catastrophic failure upon nonce reuse sounds like AES in Galois/Counter Mode. It's an effective and fast mode, but it absolutely must not reuse nonces. It's perfectly acceptable, even a good idea, for AES-GCM to use sequential nonces; but if implementors choose random nonces instead, then eventually you can expect a repeat, with the results described.
I'm not sure how much protection you'd get by disabling GCM ciphers.
NoScript won't do much, though. The attack scenario is someone wiretapping.
Update: Oops, didn't see the lower half of the article. Yep, it's AES-GCM using random nonces instead of sequential.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Re: Protecting against HTTPS "Forbidden Attack"?
The sort of counter-measure I was first thinking of is something like: if the client notices nonce re-use, abort the connection and throw a warning, with options to connect despite the insecurity or just get out. Sort of like how SeaMonkey currently handles insecure certificates.
How hard would it be to implement this? And given that NoScript is part of Tor Browser, where this stuff REALLY matters, is it something NoScript should implement?
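The two points above (Thrawn's: sequential nonces are unique by construction while random ones eventually repeat; barbaz's: a client that notices a repeat should abort) as an added worked example, not code from this thread, NoScript, or SeaMonkey. The guard class and helper names are hypothetical, the nonces are constructed with a seeded generator, and the nonce is shrunk to 16 bits so the birthday bound shows up in a few thousand messages rather than billions.

```python
import math
import random

NONCE_BITS = 96  # the standard AES-GCM nonce (IV) length used by TLS

def repeat_probability(messages, nonce_bits=NONCE_BITS):
    """Birthday-bound estimate of P(at least one nonce repeat) after `messages`
    uniformly random nonces: 1 - exp(-m(m-1) / 2N) with N = 2**nonce_bits."""
    space = 2 ** nonce_bits
    return -math.expm1(-(messages * (messages - 1)) / (2.0 * space))

class NonceReuseGuard:
    """Hypothetical client-side check: remember every nonce seen under one key
    and refuse to continue on a repeat. A real TLS stack would keep one per
    record key; this is an illustration, not a drop-in patch."""
    def __init__(self):
        self._seen = set()

    def observe(self, nonce: bytes) -> None:
        if nonce in self._seen:
            # No override option: a repeated nonce means the keystream and the
            # GCM authentication key are exposed, so the session is gone.
            raise ValueError(f"nonce reuse detected: {nonce.hex()}")
        self._seen.add(nonce)

def sequential_nonces(count, nonce_bits):
    """Counter-based nonces: unique by construction until the counter wraps."""
    for i in range(count):
        yield i.to_bytes(nonce_bits // 8, "big")

def random_nonces(count, nonce_bits, seed):
    """Random nonces from a seeded generator (constructed, reproducible sample)."""
    rng = random.Random(seed)
    for _ in range(count):
        yield rng.getrandbits(nonce_bits).to_bytes(nonce_bits // 8, "big")

def messages_before_reuse(nonces):
    """Feed nonces through the guard; return the index of the first repeat,
    or None if the whole stream was clean."""
    guard = NonceReuseGuard()
    for i, nonce in enumerate(nonces):
        try:
            guard.observe(nonce)
        except ValueError:
            return i
    return None

if __name__ == "__main__":
    print("sequential:", messages_before_reuse(sequential_nonces(2**16, 16)))
    print("random    :", messages_before_reuse(random_nonces(5000, 16, seed=1)))
    # With 96-bit random nonces the usual per-key limit is 2**32 messages,
    # which keeps the repeat probability below 2**-32.
    print("P(repeat) after 2**32 random nonces: %.2e" % repeat_probability(2**32))
```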
Re: Protecting against HTTPS "Forbidden Attack"?
Is it possible for a client to do this? Yes. How hard? Um... I don't know, but it sounds like it would come dangerously close to crypto-related code. Which, given a choice, I wouldn't want to touch with a 10-foot pole.
There shouldn't be any option to override, though. Nonce reuse in AES-GCM = failure.
Re: Protecting against HTTPS "Forbidden Attack"?
> Thrawn wrote: it sounds like it would come dangerously close to crypto-related code. Which, given a choice, I wouldn't want to touch with a 10-foot pole.
Yeah, me neither.
> Thrawn wrote: There shouldn't be any option to override, though. Nonce reuse in AES-GCM = failure.
So it's worse than plain HTTP in terms of security?
Re: Protecting against HTTPS "Forbidden Attack"?
> barbaz wrote: So it's worse than plain HTTP in terms of security?
If you're concerned about having a false sense of security - certainly.