Ben Laurie wrote:

I've just noticed that BIND is vulnerable to:

http://www.openssl.org/news/secadv_20060905.txt

Executive summary:

RRSIGs can be forged if your RSA key has exponent 3, which is BIND's
default. Note that the issue is in the resolver, not the server.


See a more comprehensive report at

Hal Finney, "Bleichenbacher's RSA signature forgery based on implementation error" Wed, 30 Aug 2006
http://www.mail-archive.com/cryptography@metzdowd.com/msg06537.html

"based on implementation error" is somehow relevant to understanding exactly where the vulnerability lies. I mean "somehow relevant" because the specific implementation error (a missing data validation check, where the check is useful *only* for preventing Bleichenbacher's RSA signature forgery while the forgery was previously unknown) is very likely to be made by even dedicated implementation developers, and to remain undetected in the SW testing phase because of its innocuousness.

Fix:

Upgrade OpenSSL.


Or use the proper command-line argument in the BIND-specific dnssec-keygen utility?

Or fix the BIND-specific dnssec-keygen utility to use the other allowed value (i.e. 65537) as the default?

Issue:

Since I've been told often that most of the world won't upgrade
resolvers, presumably most of the world will be vulnerable to this
problem for a long time.

Solution:

Don't use exponent 3 anymore. This can, of course, be done server-side,
where the responsible citizens live, allegedly.

Side benefit:

You all get to test emergency key roll! Start your motors, gentlemen!


Responsible citizens consult their family cryptographer before selecting an RSA public key exponent, and they stay away from public exponent=3 for number-theoretic reasons known only to the family cryptographers (of which Bleichenbacher's RSA signature forgery is an acutely practical consequence)!

Cheers,

Cheers,


Ben.


- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]
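
The missing validation check discussed in this thread, shown as an added example that is not part of the original messages and is not OpenSSL or BIND code. It contrasts a simplified model of the flawed PKCS#1 v1.5 block parse with a strict check that rebuilds the whole block; all function names and the sample blocks are assumptions constructed for illustration, and SHA-1 is assumed as the digest.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1 (RFC 3447, section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def digest_info(msg: bytes) -> bytes:
    return SHA1_PREFIX + hashlib.sha1(msg).digest()

def encode_em(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block of exactly k bytes: 00 01 FF..FF 00 DigestInfo."""
    t = digest_info(msg)
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lax_check(em: bytes, msg: bytes) -> bool:
    """Simplified model of the flawed parse: bytes after DigestInfo are never examined."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i == 2 or i >= len(em) or em[i] != 0x00:
        return False
    t = digest_info(msg)
    return em[i + 1:i + 1 + len(t)] == t

def strict_check(em: bytes, msg: bytes) -> bool:
    """Rebuild the only valid block for this message and compare all k bytes."""
    try:
        return hmac.compare_digest(em, encode_em(msg, len(em)))
    except ValueError:
        return False

def verify(sig: int, n: int, e: int, msg: bytes, check=strict_check) -> bool:
    """RSA public operation followed by the chosen block check."""
    if not 0 <= sig < n:
        return False
    k = (n.bit_length() + 7) // 8
    return check(pow(sig, e, n).to_bytes(k, "big"), msg)

# Constructed sample blocks (k = 128, i.e. a 1024-bit modulus); no key involved.
MSG = b"example.com. 3600 IN A 192.0.2.1"
GOOD = encode_em(MSG, 128)
# Malformed: short padding, DigestInfo not right-justified, filler bytes after it.
BAD = b"\x00\x01\xff\x00" + digest_info(MSG) + b"\xa5" * (128 - 4 - 35)
```

Both checks accept `GOOD`; only `lax_check` accepts `BAD`, which is the gap the full-block comparison closes regardless of the signer's exponent.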
