[patch] more TLS configuration options for nnrpd

Russ Allbery eagle at eyrie.org
Sun Nov 9 18:12:30 UTC 2014


Julien ÉLIE <julien at trigofacile.com> writes:

> Would this CRIME exploit imply that using compression with encrypted
> data is not secure?  (Therefore, a possible COMPRESS command for the
> NNTP protocol should not be used at the same time as an encrypted
> layer...  We would then have to choose between compression or
> encryption!)

I went and reminded myself of the nature of the attack, and I think it may
not be relevant to NNTP.

The basic idea behind CRIME is that messages with almost the same content
cause noticeable artifacts in the compressed output, primarily in sudden
changes in length based on the content of the underlying message.  An
observer of multiple almost-identical messages who knows the pattern of
the underlying data can use those variations to extract information about
secure data that's sent as part of the connection.

    http://en.wikipedia.org/wiki/CRIME

has a good summary.

This is an attack on HTTP because there are various ways where an attacker
can get a browser to perform multiple requests to a remote server, and
there is secure data (the session cookie) that the attacker wants to
extract.  But neither of those apply to NNTP.  Because NNTP is stateful,
it doesn't have security information that's sent with every request, which
is the target of a CRIME attack.  Security information is sent only once,
at first, as part of the authentication.  And there isn't a mechanism for
an attacker to get the NNTP client to send that message many, many times
with slight variations.

So, unless I'm missing something, I don't think this is something we need
to worry about for NNTP.  It's similar to IMAP in that regard:

http://security.stackexchange.com/questions/51579/do-the-beast-and-crime-attacks-apply-to-an-imap-service

(I think that message is wrong about the possibility of an attack via
sending the target a bunch of mail, since the other component of the
attack -- the security data contained in each client transmission -- is
still missing.)

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
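
Added example, not part of the original message or of INN: a Python measurement of the length effect the message describes, using an HTTP-like request in which outside-influenced text and a secret are compressed together. The cookie, host name and probe strings are constructed, and compressing the whole request with zlib is a simplifying assumption standing in for TLS-level compression.

```python
import zlib

# Constructed sample values; none of them come from the original message.
SECRET = "sessionid=7f3a9c2e41d8"  # hypothetical cookie a browser resends on every request

# Three 22-character probes standing in for text an outside party can influence.
PROBES = {
    "none":    "mkvwqzjbhgpxyutrlfnday",   # shares nothing with the secret
    "partial": "sessionid=0b6d15fa83c7",   # right name, wrong value
    "full":    SECRET,                     # identical to the secret
}

def build_request(influenced: str, secret: str = SECRET) -> bytes:
    """HTTP-like request: influenced text and the secret end up in one message."""
    return (f"GET /{influenced} HTTP/1.1\r\n"
            "Host: news.example.org\r\n"
            f"Cookie: {secret}\r\n\r\n").encode("ascii")

def wire_length(influenced: str, compress: bool) -> int:
    """Size visible to an on-path observer; encryption hides content, not length."""
    data = build_request(influenced)
    return len(zlib.compress(data, 9)) if compress else len(data)

def length_profile(compress: bool) -> dict:
    """Map each probe label to the observable message size."""
    return {label: wire_length(text, compress) for label, text in PROBES.items()}

if __name__ == "__main__":
    for compress in (True, False):
        mode = "DEFLATE before encryption" if compress else "no compression"
        print(f"{mode}: {length_profile(compress)}")
```

With compression the size shrinks as the probe agrees with more of the secret; without compression all three sizes are equal, so the length carries no information about the secret.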


More information about the inn-workers mailing list