To: 9fans@9fans.net
Subject: Re: [9fans] one weird trick to break p9sk1 ?
Date: Sun, 12 May 2024 14:19:49 -0400
From: ori@eigenstate.org

Quoth Richard Miller <9fans@hamnavoe.com>:
> I'm using a new subject [was: Interoperating between 9legacy and 9front]
> in the hope of continuing discussion of the vulnerability of p9sk1 without
> too many other distractions.
>
> moody@posixcafe.org said:
> > If we agree that:
> >
> > 1) p9sk1 allows the shared secret to be brute-forced offline.
> > 2) The average consumer machine is fast enough to make a large amount of attempts in a short time,
> >    in other words triple DES is not computationally hard to brute force these days.
> >
> > I don't know how you don't see how this is trivial to do.
>
> I agree that 1) is true, but I don't think it's serious. The shared secret is
> only valid for the current session, so by the time it's brute forced, it may
> be too late to use. I think the bad vulnerability is that the ticket request
> and response can be used offline to brute force the (more permanent) DES keys
> of the client and server. Provided, of course, that the random teenager somehow
> is able to listen in on the conversation between my p9sk1 clients and servers.
>
> On the other hand, it's hard to know whether to agree or disagree with 2),
> without knowing exactly what is meant by "large amount", "short time",
> "computationally hard", and "trivial".
>
> When Jacob told me at IWP9 in Waterloo that p9sk1 had been broken, not
> just theoretically but in practice, I was looking forward to seeing publication
> of the details. Ori's recent claim in 9fans seemed more specific:
>

The initial exchange sends across the challenges:

	C→S: CHc
	S→C: AuthTreq, IDs, DN, CHs, -, -

Because the challenge and IDs are sent as plain text, if I
can decrypt the client message with a key and find my known
plain text, that key will work to authenticate the client.

For example, if I have a ticket, and a trace of the first few
packets of the key exchange, I have enough information to
do something like this:

	ticketpair = {
		Kc{AuthTc, CHs, IDc, IDr, Kn},
		Ks{AuthTs, CHs, IDc, IDr, Kn}
	}
	cmsg = ticketpair[0]
	for(k in keyspace){
		m = decrypt(k, cmsg)
		if(m.CHs == CHs && m.IDs == IDs)
			probably_bingo()
	}

At that point, I need to guess the username, but this often
is relatively easy -- often, this is posted publicly; you can
probably guess that my user is 'ori' without trouble.

With those bits of information, you're able to complete a
new exchange as the client, and log in successfully.

The EFF was cracking DES keys in 22 hours back in 1998.

	https://en.wikipedia.org/wiki/EFF_DES_cracker

Hardware, in particular GPUs, has gotten quite a bit better
since then.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-Mbe7e83e1e06339063e6d8e8f
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
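
The offline check sketched in the pseudocode above, as an added example that is not part of the original message: a constructed toy cipher with a 16-bit key stands in for DES, and the ticket field sizes and sample values are assumptions. It shows that a sniffed CHs confirms candidate keys with no contact with the auth server, so lockouts and rate limits never apply, and that the number of known-plaintext bytes checked sets the false-positive count.

```python
import hashlib

KEY_BITS = 16   # toy keyspace (assumption) so the search is instant; DES keys are 56 bits
AUTH_TC = 65    # placeholder type byte, constructed for this demo

def toy_crypt(key: int, data: bytes) -> bytes:
    """Constructed stand-in for DES: XOR with a SHA-256 keystream (self-inverse)."""
    stream = hashlib.sha256(b"toy" + key.to_bytes(2, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def make_ticket(kc: int, chs: bytes, idc: bytes, idr: bytes, kn: bytes) -> bytes:
    """Kc{AuthTc, CHs, IDc, IDr, Kn} in a simplified 32-byte layout (sizes assumed)."""
    body = bytes([AUTH_TC]) + chs + idc.ljust(8, b"\0") + idr.ljust(8, b"\0") + kn
    assert len(body) == 32
    return toy_crypt(kc, body)

def confirm_offline(ticket: bytes, sniffed_chs: bytes, check_bytes: int = 8) -> list:
    """Keys whose trial decryption shows the sniffed CHs prefix at its known offset.

    Nothing here talks to a server: the plaintext challenge is the oracle.
    """
    want = sniffed_chs[:check_bytes]
    return [k for k in range(1 << KEY_BITS)
            if toy_crypt(k, ticket)[1:1 + check_bytes] == want]

def expected_false_positives(key_bits: int, check_bytes: int) -> float:
    """Wrong keys expected to pass by chance when check_bytes of plaintext are known."""
    return 2.0 ** (key_bits - 8 * check_bytes)

# Constructed sample values, not captured traffic.
KC = 0xBEEF
CHS = bytes.fromhex("0102030405060708")
TICKET = make_ticket(KC, CHS, b"ori", b"ori", b"\x11" * 7)

if __name__ == "__main__":
    print("8-byte check:", [hex(k) for k in confirm_offline(TICKET, CHS)])
    print("1-byte check:", len(confirm_offline(TICKET, CHS, 1)), "candidates")
    print("DES, 8-byte check:", expected_false_positives(56, 8), "expected false hits")
```

With a 56-bit key and the full 8-byte challenge as known plaintext, about 2^-8 wrong keys are expected to pass, so a single match identifies the key; the only barrier left is the size of the keyspace.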