This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: How Cygwin counters man-in-the-middle (MITM) attacks
- From: Achim Gratz <Stromeko at nexgo dot de>
- To: cygwin at cygwin dot com
- Date: Sun, 08 Mar 2015 20:44:30 +0100
- Subject: Re: How Cygwin counters man-in-the-middle (MITM) attacks
- Authentication-results: sourceware.org; auth=none
- References: <E1YUgpo-0002Wt-L5 at rmm6prod02 dot runbox dot com>
David A. Wheeler writes:
> I checked Cygwin.com's SSL/TLS implementation using Qualsys
> ( https://www.ssllabs.com/ssltest/ ). Cygwin.com got an overall rating
> of "B" (capped because it permits the RC4 cipher).
That's not what I see at the moment, so you might want to check again:
Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-08 20:38 CET
Nmap scan report for cygwin.com (209.132.180.131)
Host is up (0.21s latency).
rDNS record for 209.132.180.131: server1.sourceware.org
PORT STATE SERVICE
443/tcp open https
| ssl-cert: Subject: commonName=cygwin.com/organizationName=Red Hat Inc./stateOrProvinceName=North Carolina/countryName=US
| Issuer: commonName=DigiCert SHA2 High Assurance Server CA/organizationName=DigiCert Inc/countryName=US
| Public Key type: rsa
| Public Key bits: 4096
| Not valid before: 2014-05-15T23:00:00+00:00
| Not valid after: 2016-05-20T11:00:00+00:00
| MD5: d888 b3ed 9f0f f8d1 5b57 fdd7 5122 bb53
|_SHA-1: 349e 7f24 e249 2256 af2d 15a9 2883 ce84 4a40 a88f
| ssl-enum-ciphers:
| SSLv3: No supported ciphers found
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_IDEA_CBC_SHA - weak
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
|
| TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
| TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| TLS_RSA_WITH_SEED_CBC_SHA - strong
| compressors:
| NULL
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| compressors:
| NULL
|_ least strength: weak
> 5. The possibly-updated packages to be installed are downloaded and their
> cryptographic hashes (from the signed setup.ini file) are checked.
>
> Currently (as of 2015-03-08) Cygwin uses MD5 cryptographic hashes.
> As long as MD5 is accepted then Cygwin is vulnerable to
> MITM, because MD5 is a totally broken algorithm. E.g., in 2012
> the Flame malware exploited MD5 to fake a Microsoft digital signature.
Setup.ini also records the file size, so a successful attack would need
to pack a malicous payload into a valid archive of the same size and the
same MD5 checksum. I think that is a much taller order than simply
creating a hash collision.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple