Slashdot Mirror


Flaw Found in VPN Crypto Security

peeon writes "CNET reports the British National Infrastructure Security Coordination Centre has discovered a flaw in the IPsec protocol. From the article: 'The flaw, which the NISCC rates as "high" risk, makes it possible for an attacker to intercept IP packets traveling between two IPsec devices. They could then modify the encapsulation security payload--a subprotocol that encrypts the data being transported.'"

5 of 106 comments

  1. Re:Old news by norfolkboy · · Score: 5, Insightful

    "old news for nerds"

    Slashdot is only as up-to-date as you make it. AFAIK the editorial team don't go looking for articles, they wait for YOU the reader to submit them.

    If you want current news, you should participate in providing it.

  2. Only relevant to the standard by iabervon · · Score: 3, Insightful

    This only affects a relatively odd combination of features, so it's probably not a big deal for actual users. On the other hand, it is a flaw in the standard to claim that you can get confidentiality without integrity, when, in fact, that means that your data can be replaced with a request to decrypt your earlier packets, and you'll do so. Of course, integrity would only be disabled in a specialized application (where you expect to be able to deal with mangled data), and IPSec is generally deployed in cases where a variety of applications will use the channel.

    It's extremely difficult to design a cryptosystem with optional features, because the security of various techniques tends to depend on properties provided by other techniques, and it's difficult to determine, especially in a committee, whether these properties are provided for the proper function of the system or because the end user is likely to want them.
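
Added example, not part of the comment above or of the original thread: the point that confidentiality without integrity lets data be changed in transit, shown with a constructed toy stream cipher (SHA-256 in counter mode, standing in for a real ESP cipher) and HMAC-SHA256 as the integrity layer. All function names and the sample payload are assumptions made for the illustration.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # Toy keystream: SHA-256 over key||nonce||counter (assumption, not a real ESP cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_conf_only(enc_key, plaintext):
    # Confidentiality only: nonce || ciphertext, nothing binds the bytes together.
    nonce = os.urandom(16)
    return nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))

def open_conf_only(enc_key, packet):
    nonce, body = packet[:16], packet[16:]
    return xor(body, keystream(enc_key, nonce, len(body)))

def seal_with_integrity(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: the tag covers nonce and ciphertext.
    packet = seal_conf_only(enc_key, plaintext)
    return packet + hmac.new(mac_key, packet, hashlib.sha256).digest()

def open_with_integrity(enc_key, mac_key, packet):
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed, packet dropped")
    return open_conf_only(enc_key, body)

def modify_in_transit(packet, offset, delta):
    # Keyless change to the ciphertext; offset counts from the end of the nonce.
    i = 16 + offset
    return packet[:i] + xor(packet[i:i + len(delta)], delta) + packet[i + len(delta):]

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    msg = b"transfer amount=0100"        # constructed sample payload
    delta = xor(b"0", b"9")              # XOR difference for the digit at offset 16
    accepted = open_conf_only(enc_key, modify_in_transit(seal_conf_only(enc_key, msg), 16, delta))
    try:
        open_with_integrity(enc_key, mac_key,
                            modify_in_transit(seal_with_integrity(enc_key, mac_key, msg), 16, delta))
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rejected

if __name__ == "__main__":
    print(demo())
```

The confidentiality-only receiver decrypts the altered packet into a valid-looking but different message with no error, while the receiver that verifies the tag first drops it before any decryption happens.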

  3. Re:Whew... by Tack · · Score: 2, Insightful
    I'm going to chime in with a definite "me too" here. I've been using OpenVPN for over a year, and this is absolutely solid software. It easily falls into the Just Works category. I have it started on boot, and I simply forget that it's there. If there are network issues, it recovers gracefully.

    I can't quite speak to its security, but there's nothing I've seen that makes me the least bit concerned. Although Peter Gutmann didn't do a real audit of openvpn, he did have this to say about it: "... but a quick look through it indicates that the author knows what he's doing." After you read a few remarks made by cryptographers, something like "this person is not a moron" is exceptionally high praise.

    And Gutmann did leave us with this memorable quote: "Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment."

    If you need a vpn solution that Just Works, check out OpenVPN.

    Jason.

  4. Re:Whew... by cduffy · · Score: 2, Insightful

    Spin it however you like -- but read this.

    OpenVPN's security model is quite strong -- as documented in the FAQ, it borrows heavily from preexisting (time-tested, heavily reviewed) protocols (not just SSL but ESP as well), and supports multiple layers of security (ie. "tls-auth", a pre-shared key authenticating all traffic; support for running unprivileged and within a chroot jail to prevent OS-level security breaches; etc). Further, the (limited region of) code which handles pre-authentication network traffic is heavily audited.

    There has been analysis resulting in security vulnerabilities found; these have exclusively been related to misconfiguration, and even in those cases the daemon now spits out a warning when it detects such misuse. Certainly, OpenVPN hasn't garnered the level of direct review (as opposed to indirect review of components it borrows) that IPsec has -- but I'm confident in its security. Certainly, the other homegrown userspace VPNs all have serious issues -- but notably, those issues have by and large been pointed out, whereas OpenVPN's security model has had no serious flaws documented despite significant popularity.

    OpenVPN has a number of other advantages as well -- plays nice with NAT, tunnels over almost any network, no interop issues (since there's just one implementation that runs anywhere), etc.

  5. Re:OpenBSD is clear by shis-ka-bob · · Score: 2, Insightful
    1) Look at the security report from the OpenBSD folks at http://openbsd.org/errata31.html#sshd, the OpenBSD hole was indeed in OpenSSH.
    2) Look at the openssh.org homepage. Notice the quote 'OpenSSH is primarily developed by the OpenBSD Project, and its first inclusion into an operating system was in OpenBSD 2.6.'

    I'm siding with bluGill on this point, the AC is the dumbass on this thread.

    --
    Think global, act loco