|
Howdie! The PTFs mentioned in the attached message have been released. Please note that these PTFs are NOT hiper PTFs but they will be on the next cum package for V4R1M0 and for V4R2M0. The PTFs are: V4R1M0 5769999 MF19823 V4R2M0 5769999 MF19824 Mark L Bauman ---------- Forwarded message begins here ---------- Date: Thu, 2 Jul 1998 15:08:24 -0500 (CDT) From: Mark Bauman <mlbauman@VNET.IBM.COM> To: "Midrange List" <MIDRANGE-L@midrange.com>, MIDRANGE-L@midrange.com Subject: Re: E-Commerce Software Flaw Found Sender: owner-midrange-l@midrange.com Howdie Midrange! This is the first place I decided to post this message! It discusses the potential threat to AS/400 native SSL enabled servers from a PKCS #1 attack as detailed in the following information. Anyone using the limited availability PTF to obtain the SSL APIs should be reading this information. RSA Data Security Inc. announced Friday, June 26th, on its website at http://www.rsa.com, that there is a security exposure with protocols and applications that use RSA PKCS#1 for key or data exchange. SSL is one such protocol. To see more about the general IBM response to this exposure see URL http://www.ibm.com/security/html/featrsaann.html. To see more about the technical announcement visit the RSA PKCS #1 webpage at http://www.rsa.com/rsalabs/pkcs1/. Please note that this attack is theory - it has not been implemented by anyone or successfully tested in an actual real life situation. AS/400 has analyzed the recently found potential threat to the PKCS #1 based interactive key exchange used in the OS/400 native SSL implementation. Below is the result of that analysis, including a discussion of the current counter measures that exist in the current code, and the proposed additional counter measure implementation. The problem, as it relates to an SSL user, is as follows: 1) A hacker could record an SSL session between an interactive SSL enabled client and server. If the session was recorded over the Internet, the hacker would have to ensure that they filtered out all other traffic other than the actual SSL packets between a specific client and a specific server. 2) After recording the SSL session, the hacker could extract handshake messages from within that recorded session and use the handshake messages as a basis for construction of carefully formatted messages to be used to probe the server. 3) The hacker would attempt to repeatedly establish an SSL session connection with the SSL enabled server using these carefully constructed messages. The response to each probe would need to be carefully analyzed and based on the server's response, each additional probe would be adjusted accordingly. Eventually, after approximately 1,000,000 probes, the hacker could break the encrypted handshake message's PKCS #1 digital envelope. 4) Once the handshake message's digital envelope is broken, the hacker could eventually determine the read and write symmetric keys for that particular, recorded SSL session and would be able to decode any encrypted data from that specific recorded SSL session. 5) The hacker would only be able to recover data from a single session per attack. No other SSL session's data could be decrypted unless the hacker went thru all of the same steps for each SSL session. 6) The private key of the server is not exposed or at risk by this attack. 7) This problem only affects the server implementations of SSL or server applications built using SSL. It does not affect client SSL code. There are counter measures for this type of attack. See URL http://www.rsa.com/rsalabs/pkcs1/prescriptions.html for details. Three of these counter measures relate directly to the code for any SSL implementation. OS/400 native SSL implements two of the three counter measures in the original V4R1M0 and V4R2M0 native SSL server code. These two counter measures alone increases the number of messages required to break the digital envelope of the handshake message from 1,000,000 message probes to over 20,000,000 message probes. Even though the risk from this attack to OS/400 SSL servers is very small (based on the fact that this attack has not actually been implemented, and the fact that the original OS/400 native SSL code already implements two of the three counter measures) we take this potential attack very seriously. Therefore, the third counter measure is currently being implemented for V4R1M0 and V4R2M0 releases. PTFs containing the updated SSL code with the third counter measure will be made available soon. Once the PTFs are completed and tested this posting will be updated with their availability. Mark L. Bauman As/400 Communications Software Development +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
