SSL News Roundup–BEAST, CRIME and Pulse
Yes, I survived
If you were wondering after that last blog post about having West Nile Virus, yes, I’ve survived. Every few days I’ll have a day of fatigue and they say that this can go on for 60-90 days. I can live with that. I’ve recovered enough to travel to Sao Paulo, Brazil to finish the roadshow.
And yes, I did update my will and powers of attorney, so I can “safely” die any time.
New CRIME Attack
F5 has been tracking the Internet chatter about the upcoming SSL/TLS vulnerability (named CRIME) to be announced at the ekoparty security conference in Argentina later this month. The researchers Thai Duong and Juliano Rizzo, seem to be making a habit of “breaking the internet” by finding significant vulnerabilities in secure protocols such as TLS. Last year, they demonstrated the BEAST attack which had the interesting effect of moving everyone toward either the new TLS 1.2 protocol or backward to the RC4 stream cipher. This time, Duong and Rizzo claim, neither TLS 1.2 nor RC4 will provide protection against CRIME.
The statements that they’ve made so far, and also because Duong and Rizzo have not contacted F5 directly, suggest that that the upcoming vulnerability will primarily affect browsers. It is very likely no changes will be required for your F5 gear, either in software, hardware, or microcode. An F5 representative will be attending the conference and will share the details as quickly as possible.
There may also be a way that F5 can assist our customers in detecting or mitigating the new CRIME vulnerability at the strategic control points that BIG-IP devices usually occupy. F5 will be on the lookout for that kind of opportunity, so continue watching DevCentral for more information. Together we take a byte out of CRIME. OMG that was awful, wasn’t it.
Old BEAST Attack
As terrifying as last year’s BEAST attack was, I never heard of any real exploits in the wild. If there were any, I’d like to hear about them. Googling “Beast Attack”, while entertaining, doesn’t really help.
Like everyone else, F5 struggled with mitigating the BEAST attack – our high-performance platforms rely on OEM hardware for SSL acceleration and waiting for their microcode added to the struggle’s length. I believe that F5 got the microcode first, and I’m pleased to be able to say that version 11.2.1 of TMOS should fix all the issues around moving to TLS1.2 and getting away from BEAST. Of course, not all browsers support TLS1.2 but that’s a different story for another time.
RSA Key Length
Microsoft’s upcoming server update will require certificates to have a minimum RSA key size of 1024. This means no more 512- or 768-bit keys. Honestly, it’s probably been five years since I’ve seen a 512-bit key that wasn’t an ephemeral key.
The latest report from the cool SSL Pulse survey (of nearly 200,000 sites) shows only two sites that have keys less than 1024 bits. The survey says that 85% of keys are 2048-bit, which is about right for the times, and only 2% are 4096-bit.
That’s all the F5-related SSL news for the month that I’m allowed to report. There’s so much happening in the SSL world right now. It continues to be an exciting time in for crypto people.