Latest attack against TLS shows the pitfalls of intentionally weakening encryption

BY GreenBot Staff

Published 2 Mar 2016

For the third time in less than a year, security researchers have found a method to attack encrypted web communications, a direct result of weaknesses that were mandated two decades ago by the U.S. government.

These new attacks show the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today.

The field of cryptography escaped the military domain in the 1970s and reached the general public through the works of pioneers like Whitfield Diffie and Martin Hellman, and ever since, the government has tried to keep it under control and limit its usefulness in one way or another.

One approach used throughout the 1990s was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications.

This gave birth to so-called “export-grade” encryption algorithms that have been integrated into cryptographic libraries and have survived to this day. While these algorithms are no longer used in practice, researchers found that the mere support for them in TLS (Transport Layer Security) libraries and server configurations endangers web communications encrypted with modern standards.

In March 2015, a team of researchers from Inria in Paris and the miTLS project developed an attack dubbed FREAK. They found that if a server was willing to negotiate an RSA_EXPORT cipher suite, a man-in-the-middle attacker could trick a user’s browser into using a weak export key and decrypt TLS connections between that user and the server.

In May, another team of researchers announced another attack dubbed Logjam. While similar in concept to FREAK, Logjam targeted the Diffie-Hellman (DHE) key exchange instead of RSA and affected servers that supported DHE_EXPORT ciphers.

On Tuesday, another team of researchers announced a third attack.

Dubbed DROWN, this attack can be used to decrypt TLS connections between a user and a server if that server supports the old SSL version 2 protocol or shares its private key with another server that does. The attack is possible because of a fundamental weakness in the SSLv2 protocol that also relates to export-grade cryptography.
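A server-side audit for the precondition just described, as an added example that is not from the article or the DROWN researchers: it builds an SSLv2 CLIENT-HELLO, parses the SERVER-HELLO and reports whether the host still speaks SSLv2 and which export-grade cipher kinds it offers. It assumes the server answers with a 2-byte-header SSLv2 record and uses the cipher-kind values from the SSL 2.0 specification; the sample reply at the bottom is constructed, not captured.

```python
import socket
import struct

# SSLv2 cipher-kind values from the SSL 2.0 specification: name, export-grade?
SSLV2_CIPHERS = {
    b"\x01\x00\x80": ("RC4_128_WITH_MD5", False),
    b"\x02\x00\x80": ("RC4_128_EXPORT40_WITH_MD5", True),
    b"\x03\x00\x80": ("RC2_128_CBC_WITH_MD5", False),
    b"\x04\x00\x80": ("RC2_128_CBC_EXPORT40_WITH_MD5", True),
    b"\x05\x00\x80": ("IDEA_128_CBC_WITH_MD5", False),
    b"\x06\x00\x40": ("DES_64_CBC_WITH_MD5", False),
    b"\x07\x00\xc0": ("DES_192_EDE3_CBC_WITH_MD5", False),
}

def build_client_hello():
    """SSLv2 CLIENT-HELLO offering every cipher kind above, 2-byte record header."""
    specs = b"".join(SSLV2_CIPHERS)
    challenge = b"\x00" * 16
    body = b"\x01" + b"\x00\x02"                      # msg type 1, version 0x0002
    body += struct.pack(">HHH", len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_server_hello(data):
    """Parse an SSLv2 SERVER-HELLO; return None if the reply is anything else."""
    if len(data) < 13 or not data[0] & 0x80:          # no 2-byte SSLv2 header
        return None
    rec_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
    msg = data[2:2 + rec_len]
    if len(msg) < 11 or msg[0] != 4:                   # 4 = SERVER-HELLO
        return None
    # msg[1] = session-id-hit, msg[2] = certificate type, then four lengths
    version, cert_len, spec_len, _conn_len = struct.unpack(">HHHH", msg[3:11])
    specs = msg[11 + cert_len:11 + cert_len + spec_len]
    offered = [SSLV2_CIPHERS.get(specs[i:i + 3], ("UNKNOWN", False))
               for i in range(0, len(specs), 3)]
    return {"version": version, "ciphers": [n for n, _ in offered],
            "export": any(e for _, e in offered)}

def probe(host, port=443, timeout=5):
    """Ask a host you administer whether it still answers SSLv2 (None = it does not)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        return parse_server_hello(s.recv(4096))

# Constructed sample SERVER-HELLO: 4-byte dummy certificate, one strong and one
# export-grade cipher kind, 16-byte connection id.
SAMPLE_SPECS = b"\x01\x00\x80" + b"\x02\x00\x80"
SAMPLE_BODY = (b"\x04\x00\x01\x00\x02" + struct.pack(">HHH", 4, len(SAMPLE_SPECS), 16)
               + b"CERT" + SAMPLE_SPECS + b"\x00" * 16)
SAMPLE_SERVER_HELLO = struct.pack(">H", 0x8000 | len(SAMPLE_BODY)) + SAMPLE_BODY
```

A host that returns a parsed hello (any cipher list) needs SSLv2 disabled, and any other host sharing its private key is exposed even if it never spoke SSLv2 itself.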

The U.S. government deliberately weakened three kinds of cryptographic primitives in the 1990s — RSA encryption, Diffie-Hellman key exchange, and symmetric ciphers — and all three have put the security of the Internet at risk decades later, the researchers who developed DROWN said on a website that explains the attack.

“Today, some policy makers are calling for new restrictions on the design of cryptography in order to prevent law enforcement from ‘going dark,’” the researchers said. “While we believe that advocates of such backdoors are acting out of a good-faith desire to protect their countries, history’s technical lesson is clear: Weakening cryptography carries enormous risk to all of our security.”

Attacks like DROWN show the costs that Internet users continue to pay for mandated vulnerabilities in encryption that gave intelligence agencies a small, short-term advantage, Matthew Green, a cryptographer and assistant professor at the Johns Hopkins Information Security Institute, wrote in a blog post. “Given that we’re currently in the midst of a very important discussion about the balance of short- and long-term security, let’s hope that we won’t make the same mistake again.”