linuxdcpp-team team mailing list archive
Message #08419
[Bug 1484807] Re: Encryption problems in DC++ 0.851 when connecting to a LUADCH hub
Copying my response from the other bug:
I fully support elliptic curve cryptography, but your statement that
"There is no support for ciphers with elliptic curves in current
versions of dc++ (v0.851)." is simply inaccurate.
For the record, as of DC++ 0.851, it supports the following
ciphersuites, copy/pasted directly from CryptoManager.cpp:
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-SHA".
ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, and
ECDHE-RSA-AES128-SHA do use elliptic curves.
Regarding ECDSA specifically, vs the also-elliptic-curve ECDHE, https://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys/41509 and, for example:
"Also, DSA and ECDSA have a nasty property: they require a parameter usually called k to be completely random, secret, and unique. In practice that means that if you connect to your server from a machine with a poor random number generator and e.g. the same k happens to be used twice, an observer of the traffic can figure out your private key. (source: Wikipedia on DSA and ECDSA, also this)."
As https://tools.ietf.org/html/rfc6979 elaborates:
One characteristic of DSA and ECDSA is that they need to produce, for
each signature generation, a fresh random value (hereafter designated
as k). For effective security, k must be chosen randomly and
uniformly from a set of modular integers, using a cryptographically
secure process. Even slight biases in that process may be turned
into attacks on the signature schemes.
ECDHE-RSA-* don't have this problem, while ECDHE-ECDSA-* at least
historically have.
It's possible that
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=190c615d4398cc6c8b61eb7881d7409314529a75
adequately protects against this threat, though it does not implement
RFC 6979 per se. I'll investigate whether ECDSA's glass jaw has been
adequately ameliorated.
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1484807
Title:
Encryption problems in DC++ 0.851 when connecting to a LUADCH hub
Status in DC++:
New
Bug description:
We are running Luadch 2.14 in the hubs and when we updated to the latest we got problems with 0.851 clients. It works with 0.843.
With the 0.851 we get a TLS error.
I have talked to the Dev from Luadch and they say that this is something wrong with 0.851
Kungen