[OpenAFS] AES Support ?

Wed, 26 Sep 2007 21:17:04 CDT

> > Huh?  How exactly would returning a "security index not supported"
> > error instead of just ignoring the packet result in a=20
> > downgrade attack?

> I believe it is similar to the CIFS Downgrade Attack scenerio
> (Google for it if you are not familiar with this classic
> vulnerability).

   Yes, I can see how IF you could inject a spoofed packet
   you might be able to fool the server into believing that
   the client didn't really support the securityIndex, but:

     1) if downgrading the securityIndex was the response
        to not receiving a reply, then instead of spoofing
        you would just need to block the reply which seems
        approximately equivalent in difficulty, and more
        importantly

     2) either the lesser securityIndex is or is not
        acceptable.  If you were willing to talk to
        somebody who didn't support the stronger one
        then it seems you wouldn't really mind talking
        the weaker one to somebody who did.  If you
        are unwilling to accept the lower index, then
        it devolves into a garden variety D.O.S.

    Note however, that if you accepted a downgrade,
    the first thing you sent could be a secure
    (yes "less" secure) request for the supported
    types.

    Example:

           [unsecured]
        -------- challenge/strong ----->
        <------- error/unsupported -----
        -------- challenge/weaker ----->
        <------- response/weaker -------
           [now secured with weaker]
        -------- supported-types? ----->
        <------- stronger,weaker -------
   "I've been had!"

(Assuming weaker isn't cleartext of something equally useless)


John