This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: How Cygwin counters man-in-the-middle (MITM) attacks


David A. Wheeler writes:
>    I checked Cygwin.com's SSL/TLS implementation using Qualsys
>    ( https://www.ssllabs.com/ssltest/ ). Cygwin.com got an overall rating
>    of "B" (capped because it permits the RC4 cipher).

That's not what I see at the moment, so you might want to check again:

Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-08 20:38 CET
Nmap scan report for cygwin.com (209.132.180.131)
Host is up (0.21s latency).
rDNS record for 209.132.180.131: server1.sourceware.org
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=cygwin.com/organizationName=Red Hat Inc./stateOrProvinceName=North Carolina/countryName=US
| Issuer: commonName=DigiCert SHA2 High Assurance Server CA/organizationName=DigiCert Inc/countryName=US
| Public Key type: rsa
| Public Key bits: 4096
| Not valid before: 2014-05-15T23:00:00+00:00
| Not valid after:  2016-05-20T11:00:00+00:00
| MD5:   d888 b3ed 9f0f f8d1 5b57 fdd7 5122 bb53
|_SHA-1: 349e 7f24 e249 2256 af2d 15a9 2883 ce84 4a40 a88f
| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.0: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_IDEA_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_SEED_CBC_SHA - strong
|     compressors: 
| 
|   TLSv1.1: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_SEED_CBC_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|     compressors: 
|       NULL
|_  least strength: weak

> 5. The possibly-updated packages to be installed are downloaded and their
>    cryptographic hashes (from the signed setup.ini file) are checked.
>
>    Currently (as of 2015-03-08) Cygwin uses MD5 cryptographic hashes.
>    As long as MD5 is accepted then Cygwin is vulnerable to
>    MITM, because MD5 is a totally broken algorithm. E.g., in 2012
>    the Flame malware exploited MD5 to fake a Microsoft digital signature.

Setup.ini also records the file size, so a successful attack would need
to pack a malicous payload into a valid archive of the same size and the
same MD5 checksum.  I think that is a much taller order than simply
creating a hash collision.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]