The title reads like the name of a lecture in cryptography 101 or the first rule of Crypto Club. ‘DUHK‘ is in fact neither of those but the name of a recently disclosed vulnerability in a pseudorandom number generating algorithm (PNRG) that was until recently part of the federal standard X9.31.
Random numbers are essential to viable cryptography. They are also hard to obtain leading to solutions like using the physical properties of semiconductors or decaying matter, that are governed by quantum effects. The next best solution is to log events that are hard to predict like the timing of strokes on a keyboard. The weakest source of randomness is math, which makes sense, because one of maths most popular features is its predictability. Mathematical solutions have the one redeeming quality of being able to produce a lot of numbers that look random to a human in a short time.
PNRGs require a starting point from which they begin to produce their output. Once this seed is known the produced sequence becomes predictable.
The X9.31 PNRG is an algorithm that is used in various cryptographic algorithms and has been certified in the Federal Information Processing Standards for decades until it was dropped from the list of approved standards in 2016. The researchers behind DUHK found out that the standard allowed the seed to be stored in the source code of its implementation. The next step was to look for software that did this and they found X9.31 in an older version of FortiOS running on VPN gateways.
Should I be Worried?
Probably, maybe not. The analysis (PDF) published by the team behind DUHK notes that the vulnerability is limited to legacy implementations and doesn’t allow to takeover the device running them, only to eavesdrop on ‘secure’ connections. The scope of this is much more limited than exploits like remote code execution via bluetooth. It is on the other hand providing a strong case for handling standards and technical certifications with extreme scrutiny. The teams conduct also gives insight into the best practises for white-hat hacking which are frequently discussed around here. And they have a great theme song.
By now, most of us know the perks of using a VPN: they make private one’s online activity (at least from your ISP’s point of view, probably), and they can also make it appear as if you are in a different locale than you physically are. This is especially important for trying to watch events such as the Olympics which might air different things at different times in different countries. It’s also starting to be an issue with services like Netflix which allow content in some areas but not others.
While VPNs can help solve this problem, it can be tedious to set them up for specific purposes like this if you have to do it often. Luckily, [clashtherage] has created a router with a Raspberry Pi that takes care of all of the complicated VPN routing automatically. In much the same way that another RPi router we’ve seen eliminates ads from all of your internet traffic, this one takes all of your traffic and sends it to a locale of your choosing. (In theory one could use both at the same time.)
Obviously this creates issues for Netflix as a company, and indeed a number of services (like craigslist, for example) are starting to block access to their sites if they detect that a VPN is being used. Of course, this only leads to an arms race of VPNs being blocked, and them finding ways around the obstacles, and on and on. If only IPv6 was finally implemented, we might have a solution for all of these issues.
What is hacking and what is network engineering? We’re not sure where exactly to draw the lines, but [Artem]’s writeup of pivoting is distinctly written from the (paid) hacker’s perspective.
Once you’re inside a network, the question is what to do next. “Pivoting” is how you get from where you are currently to where you want to be, or even just find out what’s available. And that means using all of the networking tricks available. These aren’t just useful for breaking into other people’s networks, though. We’ve used half of these tools at one time or another just running things at home. The other half? Getting to know them would make a rainy-day project.
Is there anything that
socat can’t do? Maybe not, but there are other tools (
Rpivot) that will let you do it easier. You know how clients behind a NAT firewall can reach out, but can’t be reached from outside?
ssh -D will forward a port to the inside of the network. Need to get data out? There’s the old standby
iodine to route arbitrary data over DNS queries, but [Artem] says
dnscat2 works without root permissions. (And this code does the same on an ESP8266.)
Once you’ve set up proxies inside, the tremendously useful
proxychains will let you tunnel whatever you’d like across them. Python’s
pty shell makes things easier to use, and
tsh will get you a small shell on the inside, complete with file-transfer capabilities.
Again, this writeup is geared toward the pen-testing professional, but you might find any one of these tools useful in your own home network. We used to stream MP3s from home to work with some (ab)use of
ssh. We keep our home IoT devices inside our own network, and launching reverse-proxies lets us check up on things from far away without permanently leaving the doors open. One hacker’s encrypted tunnel is another man’s VPN. Once you know the tools, you’ll find plenty of uses for them. What’s your favorite?
Thanks [nootrope] for the indirect tip!
Since [Snowden]’s release of thousands of classified documents in 2013, one question has tugged at the minds of security researchers: how, exactly, did the NSA apparently intercept VPN traffic, and decrypt SSH and HTTP, allowing the NSA to read millions of personal, private emails from persons around the globe? Every guess is invariably speculation, but a paper presented at the ACM Conference on Computer and Communications Security might shed some light on how the NSA appears to have broken some of the most widespread encryption used on the Internet (PDF).
The relevant encryption discussed in the paper is Diffie–Hellman key exchange (D-H), the encryption used for HTTPS, SSH, and VPN. D-H relies on a shared very large prime number. By performing many, many computations, an attacker could pre-compute a ‘crack’ on an individual prime number, then apply a relatively small computation to decrypt any individual message that uses that prime number. If all applications used a different prime number, this wouldn’t be a problem. This is the difference between cryptography theory and practice; 92% of the top 1 Million Alexa HTTPS domains use the same two prime numbers for D-H. An attacker could pre-compute a crack on those two prime numbers and consequently be able to read nearly all Internet traffic through those servers.
This sort of attack was discussed last spring by the usual security researchers, and in that time the researchers behind the paper have been hard at work. The earlier discussion focused on 512-bit D-H primes and the LogJam exploit. Since then, the researchers have focused on the possibility of cracking longer 768- and 1024-bit D-H primes. They conclude that someone with the resources of cracking a single 1024-bit prime would allow an attacker to decrypt 66% of IPsec VPNs and 26% of SSH servers.
There is a bright side to this revelation: the ability to pre-compute the ‘crack’ on these longer primes is a capability that can only be attained by nation states as it’s on a scale that has been compared to cracking Enigma during WWII. The hardware alone to accomplish this would cost millions of dollars, and although this computation could be done faster with dedicated ASICs or other specialized hardware, this too would require an enormous outlay of cash. The downside to this observation is, of course, the capability to decrypt the most prevalent encryption protocols may be in the hands of our governments. This includes the NSA, China, and anyone else with hundreds of millions of dollars to throw at a black project.
Let’s start off this weekend’s links post with some advertising. We like targeted ads (mostly because we don’t have pooping problems and are tired of hearing about Activia). So we applaud IBM for finding our number with this commercial which produces a stop-motion animation using single atoms as pixels. Wow! [via Reddit and Internet Evolution]
Speaking of commercials, here’s some snake-oil which lets you touch a boob without being in the same room with the person [Thanks Michael].
Moving right along we’ve got a trio of trackpad hacks. There’s one that lets you use the keyboard and trackpad of a MacBook as a standalone USB input device [via Reddit]. Or you could take a Toshiba laptop to the tablesaw to turn it into a USB trackpad. But maybe your Acer C7 Trackpad doesn’t work very well and you just need better grounding.
[Nick McGill] is a member of the team developing an upper body exoskeleton as an assistive technology. This made the rounds on tech websites but the lack of in-depth build info on the project site kept it from getting its own feature here.
If you have a router capable of running DD-WRT here’s a method of setting up a PPTP VPN for free.
And finally, you may remember hearing about the original Prince of Persia source code being discovered and released about a year ago. Well [Adam Green] figured out how to compile it into the original Apple II floppy disks. [Thanks Arthur]
We ran into a friend a while back who was logging into her employer’s Virtual Private Network on the weekend. She caught our attention by whipping out her keys and typing in some information from a key-fob. It turns out that her work uses an additional layer of protection for logging into the network. They have implemented a username, pin number, as well as a hardware token system called SecurID.
The hardware consists of a key-fob with an LCD screen on it. A code is displayed on the screen and changes frequently, usually every 60 seconds. The device is generating keys based on a 128-bit encryption seed. When this number is fed to a server that has a copy of that seed, it is used as an additional verification to the other login data.
This seems like a tech trickle-down of the code generating device from GoldenEye. It does get us thinking: with the problems free email services have been having with account theft, why aren’t they offering a fee-based service that includes a security fob? With the right pricing structure this could be a nice stream of income for the provider. We’re also wondering if this can be implemented with a microcontroller and used in our home network. As always, leave comments below and let us know if you’ve already built your own system using these principles.
Update: Thanks to Andre for his comment that tells us this type of security is available for Apache servers. The distribution includes a server side authentication system and a Java based token generator that can run on any handheld that supports Java.
Capture the Flag (CTF) is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. Every team gets an identical virtual machine image. The VM has a set of custom written services that are known to be vulnerable. The teams work to secure their image while simultaneously exploiting services on the machines of other teams. A scoring server monitors the match as it progresses and awards points to teams for keeping their services up and also for stealing data from their competitors.
The Chaos Communication Congress in Berlin December 27-30, 2008 will host a CTF competition. Most CTF matches are done head to head in the same room. While 25C3 will have local teams, it will also be wide open for international teams to compete remotely. Remote teams will host their own images on a VPN with the other competitors. Now is a good time to register and familiarize yourself with the scoring system. It will certainly be interesting to see how this competition plays out now that teams that can’t make the trip can still compete.