[Busec] SHA-1 shattered!

Ari Trachtenberg trachten at bu.edu
Thu Feb 23 14:32:12 EST 2017


Actually ... these are by far *not* the lowest hanging security fruit on campus.

As of now, there is no authenticated method for sending any e-mails to the community ...
not emergency e-mails (incident on X rd. - please stay away), not sysadmin e-mails
(please upgrade your machine using the following commands as root), not faculty
e-mails to students (class is canceled today).

No attacker is going to waste time munging a SHA-1 hash when a simple well-crafted
phish would work.

best,
	-Ari

> On Feb 23, 2017, at 12:05 PM, Kolodenker, Yevgeniy <eugenek at bu.edu> wrote:
> 
> Let's first make https://bu.edu actually work (no www), so people actually use the HTTPS version.
> 
> 
> 
> On Thu, Feb 23, 2017 at 11:01 AM, Mayank Varia <varia at bu.edu> wrote:
> Very cool! Thanks for sharing, Aanchal.
> 
> Question: can we leverage the break to convince the powers-that-be at BU IS&T to upgrade their servers to negotiate better ciphers? My connection to https://www.bu.edu uses okay-ish* public key crypto, but it then uses HMAC over SHA-1 for symmetric authentication.**
> 
> Good thing it is not used for anything like BUWorks (which contains my PII and allows someone to choose where my salary is direct-deposited) or FacultyLink (where I enter the students' final grades at the end of the semester).***
> 
> Screenshot attached from Google Chrome.
> 
> Mayank
> 
> * I'm trying to be generous here. Google is less generous.
> 
> ** I know that HMAC doesn't require SHA-1 to be collision resistant (http://cseweb.ucsd.edu/~mihir/papers/hmac-new.html). Still, their cipher negotiation is massively outdated in general. What's that saying: never let a crisis go to waste.
> 
> *** The web login page negotiates AES256-GCM, but then the actual grading page itself negotiates the same ciphers as the main page.
> 
> <pasted1.png>
> 
> 
> On Thu, Feb 23, 2017 at 10:04 AM Aanchal Malhotra <aanchal4 at bu.edu> wrote:
> http://shattered.io/
> 
> SHA-1 collision now a reality. Colliding PDFs, infographics, etc.
> Good thing it is not used for anything like git or PGP.
> 
> 
> _______________________________________________
> Busec mailing list
> Busec at cs.bu.edu
> http://cs-mailman.bu.edu/mailman/listinfo/busec
> 

—
Prof. Ari Trachtenberg
Electrical and Computer Engineering
Boston University
trachten at bu.edu





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20170223/a4834a83/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20170223/a4834a83/attachment.sig>

