Re: [Fed-Talk] Whoa Nelly
- Subject: Re: [Fed-Talk] Whoa Nelly
- From: Jeffrey Walton <email@hidden>
- Date: Wed, 05 Sep 2012 12:16:32 -0400
On Wed, Sep 5, 2012 at 12:07 PM, Jeffrey Walton <email@hidden> wrote:
> On Wed, Sep 5, 2012 at 11:13 AM, Dave Schroeder <email@hidden> wrote:
>>
>> Please outline the SPECIFIC, provable risks you believe originate from this information. (Please note that emails (i.e., contents) and passwords are not a part of the data.)
>>
>> [SNIP]
>>
>
> I am somewhat leery of this argument (with all due respect). I try not
> to let my own ignorance get in the way of a good security posture.
>
> In 2007, we were warned of chosen-prefix collision attacks on hashes
> with certain constructions, including MD5. Many folks continued to use
> MD5.
>
> In 2008, Stevens, Sotirov, Lenstra (et al) collided MD5 and created a
> rogue CA ("MD5 considered harmful today,"
> http://www.win.tue.nl/hashclash/rogue-ca/). CAs responded with,
> "Everything is OK if the MD5 cert was issued before this research was
> published."
>
> In 2012, we saw a variant of chosen-prefix collision attack (Flame
> used it). CAs were wrong, as were many other folks. The folks who were
> wrong let their own ignorance get in the way of a sound security
> related decision.
>
> I don't discount the value of a UDID in an attack just because I am
> not clever enough to formulate the attack.

Here's an Android-related example:
http://groups.google.com/group/android-security-discuss/browse_thread/thread/4ce2dfc385b09e4/.

"We mix the device serial number into the /dev/random entropy pool." -
Nick Kralevich

Given a [harmless] device UDID, you know a lot about the state of a
PRNG (on Android). If traffic analysis warrants, perhaps the knowledge
can be used as a launch point for a full compromise of traffic.

Jeff
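
An added example, not part of the original message and not Android's code: a toy model of the entropy-pool point above, with SHA-256 over the mixed inputs standing in for the pool. It shows that a known identifier leaves only the remaining inputs to be guessed, and that unpredictable input closes that gap; the serial, timestamps and function names are constructed for illustration.

```python
import hashlib
import os

def pool_output(serial: bytes, boot_time: int, secret: bytes = b"") -> bytes:
    """Toy stand-in for an entropy pool: hash everything mixed in so far."""
    h = hashlib.sha256()
    for part in (serial, boot_time.to_bytes(8, "big"), secret):
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefix each input
    return h.digest()

def search_boot_time(serial: bytes, observed: bytes, start: int, window: int):
    """Enumerate the only unknown left once the serial is known.

    Returns (boot_time, guesses) on a match, or (None, guesses) when the pool
    also held input the observer cannot enumerate.
    """
    for guesses, candidate in enumerate(range(start, start + window), 1):
        if pool_output(serial, candidate) == observed:
            return candidate, guesses
    return None, window

# Constructed sample values, not real device data.
SERIAL = b"EXAMPLE-SERIAL-0001"
WINDOW_START = 1346800000          # start of a one-hour boot window (epoch seconds)
TRUE_BOOT = WINDOW_START + 2718

def demo():
    # Case 1: the pool holds only the identifier and a coarse timestamp.
    weak = pool_output(SERIAL, TRUE_BOOT)
    weak_result = search_boot_time(SERIAL, weak, WINDOW_START, 3600)
    # Case 2: same inputs plus 16 bytes from a real entropy source.
    strong = pool_output(SERIAL, TRUE_BOOT, os.urandom(16))
    strong_result = search_boot_time(SERIAL, strong, WINDOW_START, 3600)
    return weak_result, strong_result

if __name__ == "__main__":
    weak_result, strong_result = demo()
    print("identifier + timestamp only:", weak_result)
    print("with 128 unpredictable bits:", strong_result)
```

The identifier contributes nothing an observer who holds it has to guess, so the pool's strength rests entirely on its other inputs.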