[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[saag] VOIPSEC
So the latest
Internet Crime news is that there have been indictments for a VOIP scam, as
reported in the NYT. Someone on the VOIPSEC list posted the indictments which
are also linked from my blog:
The indictments show
that the scam was based on a brute force attack of HTTP digest.
Now HTTP Digest was
originally designed in a couple of hours as an attempt to forestall the
deployment of BASIC. It was never intended to be used where a single password
was controlling an asset worth a million dollars as in this case. The idea was
that the need for DIGEST would go away when public key was no longer
encumbered.
So the lesson here
is don't use a crypto protocol just because it is a standard. A protocol that is
designed to meet one set of requirements may not be adequate in a different
environment. We knew about the brute force attack at the time, we did not know a
way to address the problem without using an encumbered
technology.
If you want to have
security you have to either use passwords that are large enough to prevent the
brute force attack - which is certainly possible in an environment like SIP
where these do not need to be remembered by people. Or you use public
key.
I spent this
morning trying to work out a way round the public key requirement involving
injecting randomness into the mix. It is not possible to brute force H (p, r)
unless r is known. Unfortunately getting r from one side to the other without
using public key does not seem to be possible. If you use E (r, p) you can now
do a brute force attack. The only way to prevent brute force is if verification
requires more information than is available to the client and that seems to
require public key which then gets you into all sorts of allegedly encumbered
technologies.
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.