Bar Mitzvah is an improvement on existing attacks against RC4. It's a credible
exposure under some threat models. Primarily it's an issue for sites with a lot
of RC4 conversations, since it depends on the use of weak keys, which are a
large subset of all RC4 keys. When a conversation (randomly) chooses a weak
key, some information is leaked to the attacker, who can then try to
brute-force parts of the conversation. Typically that will be something like a
session ID - generally only useful for the lifetime of the session - or a
commonly-used user password. (The Bar Mitzvah paper describes how it can be
used to improve brute-force attacks on user passwords that are passed in
RC4-encrypted data.)

So: If your systems participate in a lot of RC4 conversations, and your threat
model includes passive attackers gaining sufficient information to make
brute-forcing small pieces of data feasible, then Bar Mitzvah is a problem.

We can't tell you whether it's something you need to be concerned about. That
depends on YOUR threat model. If you don't know what your threat model is, then
you can't make informed security decisions.

The attack applies to all implementations of RC4, and its use by any SSL/TLS
implementation. OpenSSL can't fix the problem. A future release of OpenSSL may
remove RC4 suites from the default list (indeed, it's probably all but
inevitable), so applications won't use it unless they enable it. For now, it's
enabled by default.

Michael Wojcik
Technology Specialist, Micro Focus

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Sandeep Umesh
Sent: Monday, April 06, 2015 14:20
To: OpenSSL User Support ML
Subject: [openssl-users] openssl impact on CVE-2015-2808

Just want to understand the impact on openssl of the RC4 Bar Mitzvah attack.
Please correct me if my understanding is wrong; basically, this attack is
triggered based on the design of RC4.
openssl is one of the implementers of the RC4 algo.
I am not sure if there will be any design change or if openssl will try to
disable RC4 support...
But is disabling RC4 algo usage in the applications which are using openssl a
better approach? Thanks
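
Added example, not part of the original thread or OpenSSL's own code: one way an application can exclude RC4 through the OpenSSL cipher string and then check which suites remain enabled, here via Python's ssl module, which wraps the local OpenSSL build. The cipher string "DEFAULT:!RC4", the function names and the sample suite list are assumptions of this example.

```python
import re
import ssl

# Assumption of this example: start from OpenSSL's DEFAULT list and drop RC4.
NO_RC4 = "DEFAULT:!RC4"

def rc4_suites(names):
    """Return the suite names that use RC4, for OpenSSL- or IANA-style names."""
    return [n for n in names if "RC4" in re.split(r"[-_]", n.upper())]

def enabled_suites(cipher_string):
    """List the suites the local OpenSSL build enables for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # Raised when the string selects no suite at all on this build.
        return []
    return [c["name"] for c in ctx.get_ciphers()]

def audit(cipher_string):
    """Report how many suites a cipher string enables and which are RC4."""
    names = enabled_suites(cipher_string)
    return {"cipher_string": cipher_string, "enabled": len(names),
            "rc4": rc4_suites(names)}

def client_context_without_rc4():
    """Client context that never offers RC4, whatever the library default is."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(NO_RC4)
    return ctx

# Constructed sample of suite names, as might appear in a server config review.
SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA", "ECDHE-RSA-RC4-SHA",
          "TLS_RSA_WITH_RC4_128_MD5", "AES256-SHA"]

if __name__ == "__main__":
    print("RC4 in sample:", rc4_suites(SAMPLE))
    for s in ("DEFAULT", NO_RC4):
        print(audit(s))
```

Running audit("DEFAULT") on a given host shows whether that OpenSSL build still enables RC4 by default; the "rc4" list is empty where the library no longer does.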