[OpenAFS] AES Support ?
John Hascall
john@iastate.edu
Wed, 26 Sep 2007 21:17:04 CDT
> > Huh? How exactly would returning a "security index not supported"
> > error instead of just ignoring the packet result in a=20
> > downgrade attack?
> I believe it is similar to the CIFS Downgrade Attack scenerio
> (Google for it if you are not familiar with this classic
> vulnerability).
Yes, I can see how IF you could inject a spoofed packet
you might be able to fool the server into believing that
the client didn't really support the securityIndex, but:
1) if downgrading the securityIndex was the response
to not receiving a reply, then instead of spoofing
you would just need to block the reply which seems
approximately equivalent in difficulty, and more
importantly
2) either the lesser securityIndex is or is not
acceptable. If you were willing to talk to
somebody who didn't support the stronger one
then it seems you wouldn't really mind talking
the weaker one to somebody who did. If you
are unwilling to accept the lower index, then
it devolves into a garden variety D.O.S.
Note however, that if you accepted a downgrade,
the first thing you sent could be a secure
(yes "less" secure) request for the supported
types.
Example:
[unsecured]
-------- challenge/strong ----->
<------- error/unsupported -----
-------- challenge/weaker ----->
<------- response/weaker -------
[now secured with weaker]
-------- supported-types? ----->
<------- stronger,weaker -------
"I've been had!"
(Assuming weaker isn't cleartext of something equally useless)
John