security researchers have highlighted a baptized FREAK vulnerability, which can significantly weaken the security of an encrypted connection between a user and a Web server. It goes back to old demands made by the NSA, when it wanted to limit the spread of encryption tools … Some flaws die hard … security experts dependent co-hosted by the Center INRIA and Microsoft this week revealed a vulnerability in the security of client-server exchanges protected by the current encryption tools. In short, it can force the use of an older version of the SSL and TLS protocols, far removed from the current safety standards. They named FREAK for Export Factoring RSA Keys .
In the beginning was the NSA
This vulnerability and exposure to attacks that result, based on an old demand made by the NSA in the 90 to deliver only simple encryption functions within the products that can be sold abroad, so it is always possible to decipher if needed.
These low algorithms have been baptized “export RSA” and based on an RSA key of 512 bits. Integrated with most competing tools, this encryption “dedicated to export” quickly gave way to more robust keys, generally between 1024 and 2048 bits. Historical key remains however in most common tools, mainly for compatibility issues.
A priori, this legacy is not supposed problem. Indeed, when a client initiates a secure connection to a server, both parties adopt the highest common level of encryption, to ensure maximum safety.
The vulnerability uncovered by researchers is to interfere in this exchange, through a type of attack man in the middle and to “force” the use of RSA key Export, which is no longer strong enough to withstand computers Current theory and must be totally disabled in SSL or TLS. According to the authors, less than 512-bit key can be factored “ in less than 12 hours for $ 50 ” via an Amazon EC2 instance. This simple manipulation compromises made all communications protected by that same key: once the intruder can actually decipher, but also change at will the exchange
“ Irony. of fate, many US government agencies (including the NSA and the FBI) and many popular websites (IBM or Symantec) still allow the key dedicated to export on their servers – by factoring their RSA 521-bit module we can pass it to vulnerable clients , “the authors explain, illustrate the approach with a modified” live “the NSA site.
server side, the vulnerability was notably observed in OpenSSL, which corrects from 0.9.8zd versions 1.0.0p and 1.0.1k, but many sites and applications remain potentially fallible (see a list of examples). The list, however, diminishes rapidly as in the discovery is publicized.
Vulnerability partially filled client-side
the client side, the gap is usually filled on major browsers desktop , except Safari on OS X as vulnerable on iOS. Alerted prior to public disclosure, Apple, however, assured Tuesday to Reuters that a fix would be rapidly distributed. Android-based browsers OpenSSL may also be involved, say the authors, who advise instead use Chrome as the default browser.
It is possible to test the browser directly on the site dedicated to “Freak Attack”.
No comments:
Post a Comment