ICANN/GNSO GNSO Email List Archives


[ga] Kaminsky on dns bugs - Bernstein responds

  • To: Ga <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] Kaminsky on dns bugs - Bernstein responds
  • From: "Joe Baptista" <baptista@xxxxxxxxxxxxxx>
  • Date: Fri, 8 Aug 2008 22:18:55 -0400

Well, the long-awaited description from Dan Kaminsky regarding the DNS
vulnerabilities was released as a 104-slide PowerPoint presentation:

 http://www.doxpara.com/DMK_BO2K8.ppt

On slide 34 it claims that DJB (Dr. Bernstein) WAS RIGHT.  This is something
we all have known for years.  But then Kaminsky went on to hang himself by
saying that DJB was "NOT PERFECT, we're seeing (and patching, don't ask)".
Kaminsky offers as an example that the birthday attack protection was not
implemented by Bernstein because he believed port randomization was enough,
and goes on to say that DJBDNS has other known issues too.

People, this claim by Kaminsky is a load of crap and once again furthers my
claim that the recent security issues are nothing more than the rehashing of
old security problems that Bernstein addressed years ago.

In any case there was a response to this by Bernstein - the response is
below.  As you can see, Bernstein supports what I have been going on about
concerning these recent DNS security issues.  The problems have been known
for years and this is nothing more than a rehash of existing security issues
to exploit user hysteria in the hope the world can be tricked into accepting
yet another useless insecure protocol - being DNSSEC.

I agree with Bernstein that the recent patches don't fix the problem.  In
any case, here is Bernstein's reply for the record.

regards
joe baptista

---------- Forwarded message ----------
From: D. J. Bernstein <djb@xxxxxxxx>
Date: Thu, Aug 7, 2008 at 11:42 PM
Subject: Re: Kaminsky on djbdns bugs
To: dns@xxxxxxxxxxxxx


Kyle Wheeler writes:
> That makes it easier for an attacker to guess the right number, but
> only somewhat (your chances per-guess go from one in four billion to,
> say, thirty in four billion). This criticism of djbdns seems
> somewhat... well, specious.

http://cr.yp.to/djbdns/forgery.html has, for several years, stated the
results of exactly this attack:

  The dnscache program uses a cryptographic generator for the ID and
  query port to make them extremely difficult to predict. However,

  * an attacker who makes a few billion random guesses is likely to
    succeed at least once;
  * tens of millions of guesses are adequate with a colliding attack;

etc. The same page also states bilateral and unilateral workarounds that
would raise the number of guesses to "practically impossible"; but then
focuses on the real problem, namely that "attackers with access to the
network would still be able to forge DNS responses."

I suppose I should be happy to see public awareness almost catching up
to the nastiest DNS attacks I considered in 1999. However, people are
deluding themselves if they think they're protected by the current
series of patches. UIC is issuing a press release today on this topic;
see below.

---D. J. Bernstein, Professor, Mathematics, Statistics,
and Computer Science, University of Illinois at Chicago


DNS still vulnerable, Bernstein says

CHICAGO, Thursday 7 August 2008 - Do you bank over the Internet? If so,
beware: recent Internet patches don't stop determined attackers.

Network administrators have been rushing to deploy DNS source-port
randomization patches in response to an attack announced by security
researcher Dan Kaminsky last month. But the inventor of source-port
randomization said today that new security solutions are needed to
protect the Internet infrastructure.

"Anyone who knows what he's doing can easily steal your email and insert
fake web pages into your browser, even after you've patched," said
cryptographer Daniel J. Bernstein, a professor in the Center for
Research and Instruction in Technologies for Electronic Security (RITES)
at the University of Illinois at Chicago.

Bernstein's DJBDNS software introduced source-port randomization in
1999 and is now estimated to have tens of millions of users. Bernstein
released the DJBDNS copyright at the end of last year.

Kaminsky said at the Black Hat conference yesterday that 120,000,000
Internet users were now protected by patches using Bernstein's
randomization idea. But Bernstein criticized this idea, saying that it
was "at best a speed bump for blind attackers" and "an extremely poor
substitute for proper cryptographic protection."

DNSSEC, a cryptographic version of DNS, has been in development since
1993 but is still not operational. Bernstein said that DNSSEC offers "a
surprisingly low level of security" while causing severe problems for
DNS reliability and performance.

"We need to stop wasting time on breakable patches," Bernstein said. He
called for development of DNSSEC alternatives that quickly and securely
reject every forged DNS packet.

Press contact: Daniel J. Bernstein <press-20080807@xxxxxxxxxxxx>

-30-

-- 
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
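The figures argued over in this thread (one in four billion per guess, "thirty in four billion" with outstanding queries, "a few billion random guesses", "tens of millions" with a colliding attack) all follow from one probability model, worked through here as an added example that is not part of the original post or of djbdns. It assumes a 16-bit transaction ID plus a 16-bit randomized source port, independent random guesses, and that a colliding attack simply multiplies the per-guess odds by the number of in-flight queries for the same name; the point is to quantify the residual forgery risk behind Bernstein's "speed bump" remark.

```python
import math

ID_BITS = 16    # DNS transaction ID width (RFC 1035 header field)
PORT_BITS = 16  # assumed entropy of a randomized UDP source port

def keyspace(port_bits: int = PORT_BITS) -> int:
    """Combinations a blind forger must guess among: ID x source port.
    port_bits=0 models a resolver with a fixed source port (no randomization)."""
    return 2 ** (ID_BITS + port_bits)

def per_guess_probability(outstanding: int = 1, port_bits: int = PORT_BITS) -> float:
    """Chance that a single forged reply is accepted. With `outstanding`
    in-flight queries for the same name (the colliding / birthday case) a
    guess only has to match any one of them, so the odds scale linearly."""
    return min(1.0, outstanding / keyspace(port_bits))

def p_success(guesses: int, outstanding: int = 1, port_bits: int = PORT_BITS) -> float:
    """Probability that at least one of `guesses` independent forgeries lands.
    log1p/expm1 keep 1 - (1-p)^n accurate for tiny p and huge n."""
    p = per_guess_probability(outstanding, port_bits)
    return -math.expm1(guesses * math.log1p(-p))

def guesses_for(target: float, outstanding: int = 1, port_bits: int = PORT_BITS) -> int:
    """Number of forgeries needed to reach `target` success probability."""
    p = per_guess_probability(outstanding, port_bits)
    return math.ceil(math.log(1.0 - target) / math.log1p(-p))

if __name__ == "__main__":
    # Constructed scenarios mirroring the thread's claims (defender's risk estimate).
    scenarios = [
        ("fixed port, 1 query", dict(outstanding=1, port_bits=0)),
        ("random port, 1 query", dict(outstanding=1)),
        ("random port, 30 colliding", dict(outstanding=30)),
        ("random port, 200 colliding", dict(outstanding=200)),
    ]
    for label, kw in scenarios:
        print(f"{label:28s} per-guess 1 in {1 / per_guess_probability(**kw):,.0f}; "
              f"50% success after {guesses_for(0.5, **kw):,} forgeries")
    print(f"'a few billion' (4e9) random guesses against 2^32: "
          f"{p_success(4_000_000_000):.0%} chance of at least one success")
```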

