Jump to content
Not connected, Your IP: 18.224.73.157
JamesDean

TLS "Lucky 13" Attack

Recommended Posts

Hello!

The attack is ineffective against OpenVPN for various reasons:

- the attack is faster with DTLS, which is not used by OpenVPN

- in absence of DTLS, the attacker needs to send the same plaintext secret on thousands of different connections to the same server; in order to do so, aid of cookies, javascript injection and usage of a browser by the victim is mandatory, all requisites which are not met by OpenVPN

- the attack in absence of DTLS requires a considerable time, superior to the the TLS keys re-negotiation OpenVPN time (60 minutes by default, and you can also lower it on the client side)

- if an adversary has the power to inject forged packets in an OpenVPN connection, and even if the attacker were able to pass the OpenVPN HMAC verification, tunnel authentication renegotiation is started again by OpenVPN

It is relevant that the researchers who invented the attack (a variant of a previous, well-known attack to which OpenVPN is immune) did not cite OpenVPN in their paper, their attack was based, in absence of DTLS, essentially against https, because without cookies and javascript injections it is practically impossible to perform a successful attack.

Of course we will be following closely the developments, in case the attack is enhanced.

About our https website, using RC4 (fully supported by our web server) greatly mitigates the risks, and anyway you can connect to our website via TOR or via OpenVPN to stay absolutely safe.

References;

http://www.imperialviolet.org/2013/02/04/luckythirteen.html

Kind regards

Share this post


Link to post

Hello!

The attack is ineffective against OpenVPN for various reasons:

- the attack is faster with DTLS, which is not used by OpenVPN

- in absence of DTLS, the attacker needs to send the same plaintext secret on thousands of different connections to the same server; in order to do so, aid of cookies, javascript injection and usage of a browser by the victim is mandatory, all requisites which are not met by OpenVPN

- the attack in absence of DTLS requires a considerable time, superior to the the TLS keys re-negotiation OpenVPN time (60 minutes by default, and you can also lower it on the client side)

- if an adversary has the power to inject forged packets in an OpenVPN connection, and even if the attacker were able to pass the OpenVPN HMAC verification, tunnel authentication renegotiation is started again by OpenVPN

It is relevant that the researchers who invented the attack (a variant of a previous, well-known attack to which OpenVPN is immune) did not cite OpenVPN in their paper, their attack was based, in absence of DTLS, essentially against https, because without cookies and javascript injections it is practically impossible to perform a successful attack.

Of course we will be following closely the developments, in case the attack is enhanced.

About our https website, using RC4 (fully supported by our web server) greatly mitigates the risks, and anyway you can connect to our website via TOR or via OpenVPN to stay absolutely safe.

References;

http://www.imperialviolet.org/2013/02/04/luckythirteen.html

Kind regards

It would still make a lot of sense to switch to or at least support AES-GCM to make the attack or any related future attack completely infeasible. Consider this a vote in favour.

(Now that Firefox should be getting support momentarily, it would be nice to see this on the web server, too. IE (or, rather, Windows schannel) appears to contain support as well. Chrome continues to use Windows schannel for its crypto—unknown whether it can use AES-GCM.)

Share this post


Link to post

I vote for AES-GCM support, I have a firewall/router running pfSense 2.2 and hardware with AES-NI support, VPN traffic would have a great benefit.

 

 

Sent from my iPad using Tapatalk


- Router/Firewall pfSense 23.01 (11th Gen Intel(R) Core(TM) i5-11320H @ 3.20GHz)

- Switch Cisco SG350-10

- AP Netgear RAX200 (Stock FW)

- NAS Synology DS1621+ (5 x 5TB WD Red)

- ISP: Fiber 1000/300 (PPPoE)

 

Share this post


Link to post

Hi Wolf666,

Wow, that is almost a 2 years old bump...

AES-GCM is still a milestone for OpenVPN 2.4.x, and it wasn't yet confirmed by them when (and if) they are planning to implement it...

https://community.openvpn.net/openvpn/ticket/301

 

So unless it will be supported there, there is not much Air can do in this matter :/

 

OpenVPN-NL supports GCM for awhile ago, I think since the last year or so.

https://openvpn.fox-it.com/

As well as some 3d party hacks:

https://github.com/syzzer/openvpn/tree/aead-cipher-modes5

 

But that's a custom patched version that is not supported by OpenVPN itself. I don't see other providers jump on it as well at this moment.

 


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Thanks zhang888,

I hope OpenVPN will implement soon, hardware is ready and cheap.

 

 

Sent from my iPad using Tapatalk


- Router/Firewall pfSense 23.01 (11th Gen Intel(R) Core(TM) i5-11320H @ 3.20GHz)

- Switch Cisco SG350-10

- AP Netgear RAX200 (Stock FW)

- NAS Synology DS1621+ (5 x 5TB WD Red)

- ISP: Fiber 1000/300 (PPPoE)

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...