This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

How Cygwin counters man-in-the-middle (MITM) attacks


I'm trying to convince myself that the changes being made to Cygwin
will counter man-in-the-middle (MITM) attacks during installation or update.

Can someone tell me if the details below are correct?
I think something like this should be a new FAQ entry,
e.g., "How does Cygwin counter man-in-the-middle (MITM)
attacks during installation and update?"

Thanks.

--- David A. Wheeler



=== DETAILS ===


Here is how I think Cygwin will counter man-in-the-middle (MITM) attacks
during installation and update (once the switch to SHA-512 is complete):

1. The Cygwin server is correctly configured to support https (TLS).

   I checked Cygwin.com's SSL/TLS implementation using Qualsys
   ( https://www.ssllabs.com/ssltest/ ). Cygwin.com got an overall rating
   of "B" (capped because it permits the RC4 cipher).
   That's reasonable evidence that it is correctly configured.

   The cygwin.com site now supports HTTP Strict Transport Security (HSTS)
   according to Qualsys.  I believe that is new (and welcome news),
   because HSTS counters many MITM attacks.

2. The setup program is downloaded by the user using https.

   The user downloads setup-x86.exe or setup-x86_64.exe using https;
   https causes the user's web browser to authenticate the data source.
   Downloading these executables wasn't protected by https at one time
   (see my report https://cygwin.com/ml/cygwin/2015-02/msg00875.html), but
   that has been fixed (https://cygwin.com/ml/cygwin/2015-02/msg00896.html).

3. The Cygwin key is embedded in the setup program.

   The setup program has the Cygwin public key embedded in it, so the
   Cygwin public key is protected by the previous step.
   You can confirm this by looking at the setup project
   (http://sourceware.org/cygwin-apps/setup.html) source code via a git clone,
   and looking at file "cyg-pubkey.h" which is automatically generated
   from file "cygwin.pub".

4. The package list (setup.{ini,bz2}) has its digital signature checked.

   The setup program downloads from some mirror site the latest package list
   "setup.bz2" (compressed) or "setup.ini" (uncompressed).
   The package list not only lists the official Cygwin packages, but it
   also includes their cryptographic hashes.
   The setup program also gets the relevant ".sig" (signature) file.
   A mirror could corrupt the package list or signature, but this is
   countered because the setup program checks that the package list
   is correctly signed using the public key embedded in the setup program
   (you have to use the "-X" option to NOT check signatures).
   The setup program also checks the setup.{bz2,ini}
   timestamp/version and reports to the user if the file
   goes backwards in time; that process detects downgrade attacks
   (e.g., where an attacker sends an old signed setup.ini file).

5. The possibly-updated packages to be installed are downloaded and their
   cryptographic hashes (from the signed setup.ini file) are checked.

   Currently (as of 2015-03-08) Cygwin uses MD5 cryptographic hashes.
   As long as MD5 is accepted then Cygwin is vulnerable to
   MITM, because MD5 is a totally broken algorithm. E.g., in 2012
   the Flame malware exploited MD5 to fake a Microsoft digital signature.

   However, the 2015-02-06 update of setup*.exe added support for SHA-512
   (e.g., see https://cygwin.com/ml/cygwin/2015-02/msg00093.html),
   and "we're going to switch to using SHA512 checksums in
   the setup.ini files in a couple of weeks and this requires all of you
   to use the newer Setup version."
   There are no known practical exploits of SHA-512 (part of SHA-2).


Obviously this argument doesn't discuss other attacks (e.g.,
is the cygwin.com server adequately countering attack, is the Cygwin private key protected,
are files protected as they come from developers, etc.).
But I think it's important to know about MITM.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]