DROWNing in weak crypto

DROWN Attack

Until 2000, restrictions were placed on cryptographic products developed in the US. Throughout the Cold War, encryption technology (techniques, equipment, and software) was classified as “Materials and Miscellaneous Articles” on the United States Munitions List. The Coordinating Committee for Multilateral Export Controls, or CoCom, set limits on exactly how secure cryptography developed in the US could be if it would be used outside the states, as they would with missiles or other military technology.

CoCom’s solution was export-grade keys. Typically, cryptography combines keys with random numbers to create a pattern that can be applied to data. The encrypted data looks like jumbled garbage, but when the key and numbers are applied again, it reverts back to its original form. In general, the longer a key is, the harder it is to crack. CoCom mandated that exported algorithms could only support keys up to a certain length, enabling anyone with a supercomputer (namely governments) to crack them.

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is an attack against SSL v2. SSL v2 is now a 21-year-old protocol that was retired a year after release due to numerous flaws. If you were paying attention to that first paragraph, you’ll remember that CoCom was still regulating cryptography then. It’s common for servers to keep older ciphersuites enabled for backwards compatibility with old devices, or because administrators don’t know any better. As a result, many web services still support weak export-grade cryptography. Researchers disclosed DROWN on March 1. At that time, roughly a third of all sites supporting encrypted traffic were vulnerable (kudos to Stevens’ IT department for quickly fixing the vulnerability on our sites).
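
For administrators who want to find those leftovers, here is an added example (not part of the original article): a small Python check that flags configuration lines explicitly enabling SSLv2 or export-grade ciphers. The nginx and Apache snippets are constructed samples, and the check covers only explicit settings, not whatever a given OpenSSL build enables by default.

```python
import re

# Constructed sample configs for illustration (not taken from the article).
NGINX_SAMPLE = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:MEDIUM:EXPORT:!aNULL;
}
"""
APACHE_SAMPLE = """\
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!EXPORT:!aNULL
"""

PROTOCOL_DIRECTIVES = {"ssl_protocols", "sslprotocol"}   # nginx, Apache mod_ssl
CIPHER_DIRECTIVES = {"ssl_ciphers", "sslciphersuite"}
# OpenSSL cipher-string keywords that select export-grade suites.
EXPORT_KEYWORD = re.compile(r"^(EXP|EXPORT|EXPORT40|EXPORT56)$", re.I)

def is_export_token(token):
    """True if one ':'-separated cipher-string element enables export suites."""
    if token[:1] in ("!", "-", ""):      # '!' and '-' remove suites; skip empties
        return False
    token = token.lstrip("+")
    if token.upper().startswith("EXP-"):  # a named suite such as EXP-RC4-MD5
        return True
    return any(EXPORT_KEYWORD.match(part) for part in token.split("+"))

def audit(config_text):
    """Return (line_number, issue) pairs for explicit SSLv2 or export settings."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) < 2:
            continue
        name, args = parts[0].lower(), parts[1:]
        if name in PROTOCOL_DIRECTIVES:
            # Apache disables a protocol with a '-' prefix; nginx lists enabled ones.
            if any(a.lstrip("+").lower() == "sslv2" for a in args):
                findings.append((number, "SSLv2 enabled"))
        elif name in CIPHER_DIRECTIVES:
            for token in " ".join(args).strip("\"'").split(":"):
                if is_export_token(token):
                    findings.append((number, "export-grade cipher enabled: " + token))
    return findings

if __name__ == "__main__":
    for label, text in (("nginx", NGINX_SAMPLE), ("apache", APACHE_SAMPLE)):
        print(label, audit(text) or "no explicit SSLv2/export settings")
```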

DROWN is hardly the first attack taking advantage of export-grade cryptography. Attacks like last year’s FREAK are made possible by crypto designed to be broken. DROWN and FREAK should be warning signs to lawmakers currently considering cryptography regulation and bans: weakening our security will not improve our safety in the long run.