Re: Security Diligence

From:	Nikita Popov	Date:	Sat, 08 Feb 2014 13:55:42 +0000
Subject:	Re: Security Diligence
References:	1 2 3	Groups:	php.internals
Request:	Send a blank email to internals+get-72402@lists.php.net to get a copy of this message

On Sat, Feb 8, 2014 at 2:04 PM, Lester Caine <lester@lsces.co.uk> wrote:

> Hopefully to put some of the discussions into context of where they fit in
> the real world. Is the 'timing attack' or problems created by an 'insecure'
> random number a practical proposition? The only physical proof that I have
> seen presented for the 'timing attack' is 10 years old and relates to a
> 'small local network'? Processor speed has increased a little in 10 years
> and we now tend to work in 64bit chunks rather than 8 or 16bit? Although
> that does also enhance the power of the hackers ... So discussing something
> based on timing 8bit characters seems a little strange? Firebird code
> dropped the 10 year old process a few versions back. I was trying to
> establish where the risk was in PHP and while I am more than happy it does
> not exist in my own applications, while it remains an 'unpatched security
> risk' others will not accept that fact. What is still missing from the
> discussion is the level of risk these 'security problems' present?
> Grounding the security RFC's in a little factual base would be appreciated
> so that proper defence can be presented when required. Obviously 'fix in X'
> is ideal, but only if the full risk has been assessed?
>

If your system has many other open security concerns, then yes, timing
attacks are most certainly the least of your worries and you are very
welcome to ignore this issue until you have resolved the more pressing
ones. While I certainly appreciate working with secure software, it is not
a concern of this mailing list or its members whether or not you implement
mitigations against certain cryptographic attacks. It *is* however our
concern to provide the necessary means for the people who *do* wish to
implement the necessary safe-guards.

Also, I strongly suspect that you don't have sufficient cryptanalytic
background to assess the severity of certain attack vectors. While remote
string comparison timing attacks might be considered an exotic concern by
some people, usage of an unsuitable random number generator in the wrong
context is a most severe and typically easily exploitable vulnerability.
Dismissing it so easily certainly creates the impression that you have a
somewhat skewed perception of the severity of some attacks. You might
consider the possibility that your security consultant, given his line of
work, has a better understanding of application security than you do.

Thanks,
Nikita


   

Thread (15 messages)

• Lester CaineSat, 08 Feb 2014 11:52:24 +0000
  • Nikita PopovSat, 08 Feb 2014 12:08:42 +0000
    • Lester CaineSat, 08 Feb 2014 13:04:33 +0000
      • Nikita PopovSat, 08 Feb 2014 13:55:42 +0000
      • Pádraic BradySat, 08 Feb 2014 14:59:16 +0000
    • Andrea FauldsSat, 08 Feb 2014 13:03:04 +0000
      • Lester CaineSat, 08 Feb 2014 14:23:26 +0000
        • Pierre JoyeSat, 08 Feb 2014 14:26:44 +0000
          • Lester CaineSat, 08 Feb 2014 16:17:40 +0000
          • Thomas HruskaSat, 08 Feb 2014 16:14:28 +0000
            • Pádraic BradySat, 08 Feb 2014 16:31:29 +0000
              • Lester CaineSat, 08 Feb 2014 16:48:13 +0000
                • Pádraic BradySat, 08 Feb 2014 17:23:21 +0000
        • Rasmus LerdorfSat, 08 Feb 2014 17:09:39 +0000
          • Lester CaineSat, 08 Feb 2014 21:15:28 +0000