freebsd security - Sep 2013 - Anything in this story of concern?

<http://www.abc.net.au/news/2013-09-06/new-snowden-documents-say-nsa-can-break-common-internet-encrypt/4940138>

Ian

On 9/8/2013 9:44 PM, Ian Smith wrote:
>
<http://www.abc.net.au/news/2013-09-06/new-snowden-documents-say-nsa-can-break-common-internet-encrypt/4940138>
Have a look at estimates on the number of internet servers and desktops 
still vulnerable to BEAST, CRIME, et al.  That's for the population of 
devices where updating the SSL library is about as easy as it gets.  Now 
consider all those network devices and embedded systems with outdated 
firmware or where updating the embedded https/ssh server is impossible 
or the vendor won't bother.

It's known the NSA prefers taps in central locations (like switches and 
routers) for better coverage efficiency.  Combine these and the question 
of whether or not they're listening is one of capacity, not capability.

This isn't really news, though.  If you're worried about it, make sure 
your stuff uses TLS v1.2 with strong ciphers and large keys.

In message <20130909144142.J99094 at sola.nimnet.asn.au>, Ian Smith
writes:
>
><http://www.abc.net.au/news/2013-09-06/new-snowden-documents-say-nsa-can-break-common-internet-encrypt/4940138>
That most likely just mean that everybody is using OpenSSL and that
OpenSSL is a pile of crap.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

In message <0EEF6678B3EEC94B9AE44705DF224D023D48BF92 at
G9W0725.americas.hpqcorp.n
et>, "Koornstra, Reinoud" writes:
>Well, OpenSSL isn't the most beautiful code ever written for sure, but
to
>say it's a pile a crap would be a little too far to the negative end.
>[...]
>Most vulnerabilities in encryption are due to implementation issues.
>Having not audited the OpenSSL code on this I cannot say whether there are 
>implementation issues there.
You are of course entitled to have your own opinion, but I think
you should go look at the bloody code before you voice an opinion.

I call it a piece of crap, because the code clearly is not designed
as much as thrown together from random phd-projects, and the most
positive thing I can say about the API is that it is "opaque".

Using OpenSSL correctly takes a LOT of skill and a fair bit of knowing
"it only works if you do it this way", and most people lack that,
so they copy & paste, which probably made the job much easier for NSA.

I wrote a blog entry
(In Danish: http://www.version2.dk/blog/nsas-gennembrud-eller-noget-53787)
and I wanted to show an example.

I opened an openssl source file at random and the first thing I see is:

ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
        {
        ASN1_OBJECT *r;
        int i;
        char *ln=NULL,*sn=NULL;
        unsigned char *data=NULL;

        if (o == NULL) return(NULL);
        if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
                return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
                                             duplication is this??? */
	[...]

An "Obj_dup()" function which silently doesn't ?  

I am not going to enumerate how many ways that is wrong, it should not
be necessary to do so in present company.

And BTW:  That XXX comment is 10 years old.

No, I say with conviction, based on personal inspection and experience,
that OpenSSL is crap.

And as Garrett Wollman correctly pointed out on twitter: It remains
yet to be seen if any implementation of SSL/TLS can be non-crap,
given that they are stuck with X.509.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

I'm still waiting for someone to thoroughly analyze this question

What's worse: the possibility that NSA has cracked RC4 or being
vulnerable to BEAST/CRIME?

Set your crypto to a minimum of TLS 1.1 and let everyone who can't
connect complain. At least their data wasn't compromised.

This entire situation is maddening.