[41698] in cryptography@c2.net mail archive
Exponent 3 damage spreads...
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Sep 9 14:26:21 2006
Date: Fri, 08 Sep 2006 16:11:02 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Cryptography <cryptography@metzdowd.com>
...thought this might interest people here.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
-------- Attached Message --------
Message-ID: <450148AC.3060400@algroup.co.uk>
Date: Fri, 08 Sep 2006 11:40:44 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: DNSEXT WG <namedroppers@ops.ietf.org>,
"(DNSSEC deployment)" <dnssec-deployment@shinkuro.com>,
dnsop@lists.uoregon.edu
Subject: [dnsop] BIND and OpenSSL's RSA signature forging issue

I've just noticed that BIND is vulnerable to:

http://www.openssl.org/news/secadv_20060905.txt

Executive summary:

RRSIGs can be forged if your RSA key has exponent 3, which is BIND's
default. Note that the issue is in the resolver, not the server.

Fix:

Upgrade OpenSSL.

Issue:

Since I've been told often that most of the world won't upgrade
resolvers, presumably most of the world will be vulnerable to this
problem for a long time.

Solution:

Don't use exponent 3 anymore. This can, of course, be done server-side,
where the responsible citizens live, allegedly.

Side benefit:

You all get to test emergency key roll! Start your motors, gentlemen!

Cheers,

Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
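
An added example, not part of the original message or of BIND: a check a zone operator could run over their own DNSKEY records to find RSA keys whose public exponent is 3, the case the message says to stop using. It parses the RFC 3110 RSA key layout from DNSKEY presentation format; the function names are assumptions and the sample keys are constructed placeholders, not real keys.

```python
import base64

# DNSSEC algorithm numbers whose DNSKEY public key uses the RFC 3110 RSA layout.
RSA_ALGORITHMS = {1: "RSAMD5", 5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1",
                  8: "RSASHA256", 10: "RSASHA512"}

def parse_rsa_dnskey(rdata):
    """Parse 'flags protocol algorithm base64key'; return (algorithm, e, modulus bits)."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("expected: flags protocol algorithm key")
    algorithm = int(fields[2])
    if algorithm not in RSA_ALGORITHMS:
        raise ValueError("algorithm %d is not an RSA algorithm" % algorithm)
    # The key may be split across whitespace in a zone file, so rejoin it first.
    key = base64.b64decode("".join(fields[3:]), validate=True)
    # RFC 3110: exponent length is one octet, or 0 followed by a two-octet length.
    if len(key) >= 1 and key[0] != 0:
        exp_len, start = key[0], 1
    elif len(key) >= 3:
        exp_len, start = int.from_bytes(key[1:3], "big"), 3
    else:
        raise ValueError("truncated RSA public key")
    exponent, modulus = key[start:start + exp_len], key[start + exp_len:]
    if exp_len == 0 or len(exponent) != exp_len or not modulus:
        raise ValueError("truncated RSA public key")
    return (algorithm, int.from_bytes(exponent, "big"),
            int.from_bytes(modulus, "big").bit_length())

def audit_dnskey(rdata):
    """Report the exponent and whether it is 3, the value the message says to stop using."""
    algorithm, e, bits = parse_rsa_dnskey(rdata)
    return {"algorithm": RSA_ALGORITHMS[algorithm], "exponent": e,
            "modulus_bits": bits, "exponent_is_3": e == 3}

def make_sample_rdata(exponent, algorithm=5):
    """Constructed sample only: the 'modulus' is a 1024-bit placeholder, not a real key."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = ((1 << 1023) | 1).to_bytes(128, "big")
    return "256 3 %d %s" % (algorithm, base64.b64encode(bytes([len(e)]) + e + n).decode())

if __name__ == "__main__":
    for e in (3, 65537):
        print(audit_dnskey(make_sample_rdata(e)))
```

Feed `audit_dnskey` the RDATA portion of each DNSKEY record in the zone; any key reporting `exponent_is_3` is a candidate for the key roll the message describes.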