JUNIPER PATCHES SCREENOS…TO PREVIOUS, BROKEN VERSION
The hottest cryptography story this week is the ongoing Juniper Networks cluster-fiesta. The story first broke last month and is a dizzying maze – backdoors within backdoors within backdoors, ten-million-dollar NSA contracts, textbook cases of how not to implement crypto – and is still unfolding. There are plenty of disturbing elements, but one in particular caught our attention. Juniper did issue a patch to close a particular backdoor (the US Department of Defense has been recommending applying it). However, the patch only returns devices to a previous, still-deeply-suspect version. It thus fixes one non-Juniper backdoor – but apparently leaves other existing backdoors in place.
STATUS: Puzzling at best, deeply suspicious at worst. The Juniper landscape is being explored by some very savvy security researchers, and we’re teasing the story apart ourselves. Look for our own brave attempt to break down the Juniper story for you next week.
All cryptographic functions age out, and MD5 (already mostly removed from modern ciphersuites) and SHA1 (slated for early retirement) are only the latest such. Both are, however, still in use, and a recent technical paper from researchers at miTLS.org describes a line of attack that targets the older MD5 and SHA1 signature algorithms (as opposed to the ciphersuites that do actual encryption). Dubbed SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), this exploit can allow impersonation attacks and worse.
STATUS: Previous worries about MD5 and SHA1 revolved around breaking the actual encryption of messages. SLOTH reminds us that there are vulnerable attack surfaces beyond ciphersuites (client authentication, in this case) – and that a completely secure environment means blocking every path to exploitation.
…BUT KILLING SHA-1 PROVING TRICKIER THAN HOPED
Although Mozilla is leading the march towards SHA1 retirement, there are as many stumbles in removing old tech as in introducing new tech. The latest version of Firefox (version 43) started rejecting SSL/TLS certificates signed with SHA1 on January 1, 2016. Unfortunately, slow (even SLOTHful) uptake for SHA1 retirement by some security and antivirus software providers broke HTTPS access for their users.
STATUS: Mozilla’s made a tactical retreat and patched Firefox to re-accept SHA1 certs – but they’re still aiming to retire SHA1 as soon as possible, and state (through clenched teeth, no doubt) that “vendors of TLS man-in-the-middle systems should be working to update their products”.
GOOGLE TO AVG: SEE US AFTER CLASS
STATUS: “AVG” stands for “Anti-Virus Guard”. “QA” stands for “quality assurance”. Any questions?
DUTCH GOVERNMENT BUCKS GLOBAL TREND, CALLS FOR SANE CRYPTO
In the wake of horrific acts by some very bad people, authorities in several nations have been calling for encryption with “golden keys” enabled – they’re asking for magic backdoors that only legitimate authorities would ever use. As the Juniper saga shows, there is no such thing. Backdoors get opened, and not always by the theoretically trusted keyholder. Thus it’s heartening that the government of the Netherlands has come out in favor of strong encryption (i.e., uncompromised by backdoors) for “the protection of privacy for citizens, companies, the government, and the entire Dutch economy”.
STATUS: Happy to end on a positive note, for once. As we’ve noted before, math is a tough thing – despite the fond wishes of law and order types, it just doesn’t allow for the kind of magic backdoors they’re wishing for. Mad props to the Dutch authorities for their tough and rational stance – and for putting their money behind their words with a half-million-euro investment in the OpenSSL Project.
As usual, plenty of interesting items we didn’t have room to address this week – the hacking of Ukraine’s power grid, XFinity’s deeply broken home security software, the newly-theorized HTTPS Bicycle attack – it’s a pretty interesting security universe these days, and chock-a-block with stuff we’re happy to bring to your attention.
And as always we appreciate your reading these words, and remind you what SSL.com truly believes – a safer internet is a better internet.