Coding Practice [was Re: Serious OpenSSL vulnerability]

Frantisek Hanzlik franta at hanzlici.cz
Sat Apr 26 20:19:47 UTC 2014


Ian Malone wrote:
> On 26 April 2014 03:38, Tim <ignored_mailbox at yahoo.com.au> wrote:
>> On Wed, 2014-04-23 at 23:26 -0400, Rahul Sundaram wrote:
>>> millions and millions of affected users who had to go ahead and change
>>> passwords for many many things they rely on
>>
>> One thing I haven't seen mentioned, here or elsewhere, was whether the
>> bug could only affect you if they tried to hack the server while you
>> were using it.  Or if it was possible to extract useful data well after
>> you had been and gone.  Since it's talking about reading data beyond
>> what's expected, I suspect it may be that you were vulnerable even
>> sometime after your session, if the server hadn't re-used the memory for
>> something else, yet.
>>
> 
> The simplest 'backwards' exploit is if the private keys were stolen
> then other encrypted traffic captured which had used the same keys
> could then be decoded. Though IIUC 'perfect forward secrecy' should
> reduce the risk of that. As you say there's also whatever data is
> still in memory, that's a shorter window. I don't know how Apache
> memory is structured, but I'd speculate there's the potential to leak
> hashed passwords there.

I'm not an SSL/TLS guru and I haven't studied the OpenSSL heartbeat bug
in depth (mainly because I consider Fedora 15+ too problematic and stay at
F14, with eventual migration to CentOS 6 on my servers, so they aren't
affected by this bug), but - is it true that when the private key is
stolen, this _always_ implies that the encrypted traffic may be read
with knowledge of the private key? As far as I know, when e.g. Diffie-Hellman key
exchange is used, then even knowledge of the private key isn't sufficient
to decode the network traffic. Of course, the TLS RFCs give us some basic set
of mandatory ciphersuites which every TLS endpoint should know, and
there are also those where private key knowledge is sufficient for
traffic decoding. But when on my side I allow e.g. (contrary to the RFCs)
only DH ciphersuites, then maybe either I'm not able to establish a
connection, or my connection is reliable - even though the connection is
tapped by someone who has my private key. Or am I wrong?
---
Regards, Franta Hanzlik
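The distinction the thread circles around (RSA key transport versus an ephemeral Diffie-Hellman exchange signed by the RSA key) can be shown in a few lines. The following is an added illustration, not code from this thread or from OpenSSL: it simulates both handshake shapes with a constructed, toy-sized RSA key and DH group (far too small for real use), records what an eavesdropper would see on the wire, and then checks whether a later-stolen private key recovers the session key from that recording.

```python
import hashlib
import secrets

# Toy long-term server key: textbook RSA over two Mersenne primes (2^31-1, 2^61-1).
# Constructed for illustration only; nowhere near real key sizes.
RSA_P = 2147483647
RSA_Q = 2305843009213693951
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))

# Toy Diffie-Hellman group (modulus 2^89-1, generator 2); demo-sized only.
DH_P = (1 << 89) - 1
DH_G = 2


def derive_session_key(secret: int) -> bytes:
    """Stand-in for the TLS key schedule: hash the premaster secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def rsa_sign(data: bytes) -> int:
    """Server authenticates data with its long-term private key (toy scheme)."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N
    return pow(h, RSA_D, RSA_N)


def rsa_verify(data: bytes, sig: int) -> bool:
    """Anyone can check the signature with the public key alone."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N
    return pow(sig, RSA_E, RSA_N) == h


def rsa_key_transport_handshake():
    """TLS_RSA_* style: the client picks the premaster secret and encrypts it to
    the server's public key. That ciphertext is what an eavesdropper records."""
    premaster = secrets.randbelow(RSA_N - 1) + 1
    wire = {"encrypted_premaster": pow(premaster, RSA_E, RSA_N)}
    return derive_session_key(premaster), wire


def dhe_handshake():
    """TLS_DHE_RSA_* style: both sides use fresh ephemeral exponents; the server
    only *signs* its share with the long-term key. Only public values hit the wire."""
    a = secrets.randbelow(DH_P - 2) + 1          # client ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1          # server ephemeral secret
    client_pub = pow(DH_G, a, DH_P)
    server_pub = pow(DH_G, b, DH_P)
    sig = rsa_sign(server_pub.to_bytes(12, "big"))
    if not rsa_verify(server_pub.to_bytes(12, "big"), sig):
        raise ValueError("server share failed authentication")
    shared = pow(server_pub, a, DH_P)
    assert shared == pow(client_pub, b, DH_P)
    # a and b are discarded here; the transcript contains only public values.
    wire = {"client_pub": client_pub, "server_pub": server_pub, "signature": sig}
    return derive_session_key(shared), wire


def recover_session_key_with_stolen_key(wire: dict):
    """Passive attacker who recorded `wire` earlier and later obtained RSA_D."""
    if "encrypted_premaster" in wire:
        premaster = pow(wire["encrypted_premaster"], RSA_D, RSA_N)
        return derive_session_key(premaster)
    # DHE transcript: the private key decrypts nothing here. The session key
    # depends on the discarded exponents, and the RSA key does not help find them.
    return None


if __name__ == "__main__":
    key, wire = rsa_key_transport_handshake()
    print("RSA key transport, recorded traffic readable with stolen key:",
          recover_session_key_with_stolen_key(wire) == key)
    key, wire = dhe_handshake()
    print("DHE, recorded traffic readable with stolen key:",
          recover_session_key_with_stolen_key(wire) is not None)
```

Two caveats matter for reading the result. First, forward secrecy protects recorded sessions only: a stolen long-term key still lets an active attacker produce a valid signature in `dhe_handshake`, i.e. impersonate the server for new connections, so the key still has to be replaced and the certificate revoked. Second, the property comes from the exponents being ephemeral (DHE/ECDHE ciphersuites); a static Diffie-Hellman key stored alongside the RSA key would be just as recoverable as the RSA-transported premaster.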


