
Cryptography & Security Newsletter

115

RADIUS/UDP Considered Harmful

30 July 2024

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić.

Despite being broken since 2004—yes, that’s twenty years ago exactly—the MD5 hash algorithm remains in use in both some obscure and some widely used protocols. One such protocol is RADIUS, which was very popular in the past for authentication of dial-up users, but remains in use today with assorted networking equipment.

Unsurprisingly, protocols that continue to rely on MD5 are not secure, as explained in the research paper that declares RADIUS/UDP to be considered harmful. Or, if you prefer a fancy name, the paper discusses the Blast-RADIUS vulnerability.

The actual approach is a chosen-prefix collision attack, pioneered by Marc Stevens et al. in 2007. The name of the paper is a reference to a successful chosen-prefix attack in 2008 (discussed in “MD5 Considered Harmful Today”) that used an MD5 collision against a certification authority to obtain a rogue CA certificate.
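To make concrete what the MD5 dependency looks like, here is an added example (not code from the newsletter or from the Blast-RADIUS paper) that builds and verifies the RADIUS Response Authenticator as RFC 2865 defines it: a single MD5 over the response header, the Request Authenticator, the attributes and the shared secret. The secret, identifier and attribute values are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed values for this example; a real deployment has its own secret.
SHARED_SECRET = b"example-shared-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))  # 16 random bytes in a real Access-Request

ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
REPLY_MESSAGE = 18  # attribute type, Type(1) Length(1) Value(n)


def attribute(attr_type, value):
    """Encode one RADIUS attribute in TLV form."""
    return bytes([attr_type, 2 + len(value)]) + value


def build_response(code, identifier, request_auth, attributes, secret):
    """Build a response whose Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret) (RFC 2865 s.3)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    digest = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + digest + attributes


def verify_response(packet, request_auth, secret):
    """Recompute the Response Authenticator for a received response.
    This one MD5 value is all that binds the response to the request and to
    the secret, which is why an MD5 chosen-prefix collision undermines it."""
    if len(packet) < 20:
        return False
    _, _, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    attributes = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attributes + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def naive_code_flip_is_rejected():
    """Changing Access-Reject to Access-Accept without a collision fails the check."""
    reject = build_response(ACCESS_REJECT, 7, REQUEST_AUTHENTICATOR,
                            attribute(REPLY_MESSAGE, b"denied"), SHARED_SECRET)
    forged = bytearray(reject)
    forged[0] = ACCESS_ACCEPT  # same Authenticator, different Code
    return verify_response(reject, REQUEST_AUTHENTICATOR, SHARED_SECRET) and \
        not verify_response(bytes(forged), REQUEST_AUTHENTICATOR, SHARED_SECRET)


if __name__ == "__main__":
    print("naive forgery rejected:", naive_code_flip_is_rejected())
```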


Entrust Partners with SSL.com

When, in our previous newsletter, we wrote that Entrust was in trouble, we didn’t know that Google was going to distrust the company, but the writing was on the wall. Google’s announcement happened mere hours after our newsletter went out. What has happened since?

Entrust’s customers started to worry about the forthcoming distrust event as well as the potential availability impact. Entrust’s competitors and vendors in adjacent spaces started to use the situation as a talking point to drum up more revenue. Entrust itself started to look for ways to get out of its predicament. The company’s first response was largely just a formality, but the second response, which came a week later, outlined some specific improvements. Among other measures, the company retained Ryan Hurst, a PKI industry veteran who was recently critical of Entrust’s past activities, to advise the company on the transition.

Finally, a mere two weeks later, Entrust announced that it will continue to provide X.509 certificates via a partnership with SSL.com. This arrangement will help the company continue to serve its customer base while it works on potentially regaining its trusted status.

Short News

Here are some things that caught our attention since the previous newsletter:

  • Google is planning a summit to discuss all things transparency, on October 9-11, 2024.
  • Let’s Encrypt announced plans to abandon OCSP, citing privacy concerns and costs.
  • SnailLoad is a new side-channel attack that can infer victim activity purely from a very limited view of the victim’s network latency, such as a resource being loaded from an attacker’s website.
  • RFC 9608: No Revocation Available for X.509 Public Key Certificates introduces a new extension to use as an explicit signal that revocation information will not be provided.
  • Apple introduced Private Browsing 2.0, with features appearing in Safari 17, 17.2, and 17.5.
  • Apple Intelligence is expected to debut in Q3 this year, but apparently not in Europe. Apple decided to postpone the European release, citing worries about being forced to compromise on privacy and data security. The European Commission’s vice president, Margrethe Vestager, is not happy.
  • In a thread on X, Colm MacCárthaigh explains the need for a “bigger” cipher that is able to support high volumes of traffic.
  • Matilda Backendal et al. published A Formal Treatment of End-to-End Encrypted Cloud Storage.
  • Joseph Birr-Pixton writes about an OpenSSL bug that, like Heartbleed, exposes up to 255 bytes of server heap. Luckily, the bug, which has existed since 2011, is in a part of the code that is not very widely used.
  • At the IT-S NOW conference in Vienna, Whitfield Diffie spoke about revisiting cryptography. He was also on a privacy panel, alongside Peter Gutmann.
  • Smallstep is taking over the maintenance and future development of micromdm/scep (now smallstep/scep), which is a Go implementation of Simple Certificate Enrollment Protocol (SCEP).
  • Scientists claim a tenfold improvement in the stability and performance of quantum systems.
  • The ecapture open-source project uses eBPF to locally intercept popular TLS libraries and extract plaintext.
  • CryptoHack, a platform for learning cryptography, is adding new challenges.
  • Firefox is progressing toward HTTPS first, now in Firefox Nightly.
  • The Security Cryptography Whatever podcast has a new episode on the zero-day market, with Mark Dowd, founder of Azimuth Security and one of the authors of The Art of Software Security Assessment.
  • Elexon, a company that monitors the UK’s energy market, suffered an outage due to an expired certificate.
  • Team Cymru’s Augury platform, which provides netflow data for public network traffic, claims 90 percent coverage of the world’s traffic. Government agencies are loving it. Joseph Cox linked to one relevant FOIA request on X.
  • Centralized identity-verification services considered harmful: AU10TIX, a company that’s connected to Upwork, Twitter, Fiverr, Coinbase, and others, suffered a year-long breach, leading to potential exposure of sensitive information.
  • Mark Baggett interviewed Phil Zimmermann about the origin of PGP.
  • On the Trail of Bits blog, Opal Wright says that post-quantum cryptography is good for us, even if no quantum computer is ever built.
  • Filippo Valsorda has written a specification for XAES-256-GCM, which uses a 192-bit nonce.
  • The Trail of Bits group is proposing AES-GEM, a Galois Extended Mode cipher that aims to improve upon the current de facto standard, AES-GCM. Frank Denis implemented it in Zig.
  • In “Where Did DNSSEC Go Wrong?,” Edward Lewis reflects on the beginnings of DNSSEC and its design choices.
  • Hosein Hadipour published his cryptanalysis course to GitHub.
  • We missed mentioning Keyfactor’s Key Takeaways from the 2024 PKI & Digital Trust Report, which was published in April.
  • Microsoft announced a public preview of inbound SMTP DANE and DNSSEC.
  • OpenSSL established a new governance structure and announced that BouncyCastle and cryptlib projects have joined them on their mission.
  • The Security. Cryptography. Whatever. podcast is organizing a first in-person event during Black Hat and DEFCON conferences. They also talk about ClownStrike (their words) and other topics in Summertime Sadness.
