Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NEWS] ScatterChat Cryptanalytic Attack Vulnerability

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NEWS] ScatterChat Cryptanalytic Attack Vulnerability
Date: 13 Aug 2006 18:46:24 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  ScatterChat Cryptanalytic Attack Vulnerability
------------------------------------------------------------------------


SUMMARY

 <http://www.scatterchat.com/> ScatterChat is "an instant messaging 
project that aims to provide encryption and anonymity support with Tor to 
non-technical users such as human rights activists and political 
dissidents".

Steven Murdoch, a security researcher with the University of Cambridge, 
discovered a theoretical weakness in ScatterChat's cryptographic module. 
He found that an eavesdropper might locate patterns in a private  
communications channel if extraordinarily large amounts of messages were 
exchanged in a single conversation.

Note that this does not allow an eavesdropper to decrypt messages, nor 
determine a user's identity if anonymity is used.

The practical impact of this vulnerability is very low.

DETAILS

Vulnerable Systems:
 * ScatterChat version 1.0

Immune Systems:
 * ScatterChat version 2.0

It was found that the birthday attack could be used against the custom 
padding mechanism on the ECB-mode encryption of messages.

After 114KB of data is sent in a single conversation the probability of a 
collision between two 16-byte blocks is 1% and will reach 50% after 904KB, 
then 99% after 2.3MB (approximately). Note that conversations are reset 
when one or both peers sign off from the instant messaging service.

The above figures are calculated assuming that messages do not contain any 
entropy, which is unrealistic for an instant messaging environment. 
Assuming a rate of one bit of entropy per character, the probability of a 
collision is 1% after 580KB is exchanged and will reach 50% after 4,822KB, 
then 99% after 12,431KB (approximately).

Note that if each instant message was filled to its 500-byte capacity (as 
enforced by the system), then 580KB would be transfered after 1,188 
messages.

Impact:
The end-user impact of this issue is very low.

It is important to note that this issue does NOT allow an eavesdropper to 
decrypt any messages, nor does it allow them to discover the user's 
identity if the anonymity feature is used.

In general, this type of cryptanalytic attack allows an eavesdropper to 
determine patterns in an encrypted conversation, which in theory could 
yield information about messages if enough patterns were found and 
correlated. However, this issue only allows two 16-byte segments to be 
matched with 1% probability when at least 1,188 instant messages are 
exchanged in a single, uninterrupted session. In most cases, more than 
1,188 instant messages would need to be sent.

The information leaked in the above situation would be negligible.

This issue also affects any application that is built upon ScatterChat's 
encryption module.

Note that secure file transfers are not affected.

Solution:
The ScatterChat project takes both practical and theoretical 
vulnerabilities very seriously. However, due to the low impact of this 
vulnerability, and the high risk of introducing other subtle security 
problems in updating the protocol, this issue will not be fixed in the 
v1.0.x branch.

This issue will be rectified in the v2.0 series, which will replace the 
current cryptographic module with the well-tested OTR encryption module 
(http://www.cypherpunks.ca/otr/). A release date for v2.0 is not yet 
known.

Optionally, this issue can be mitigated through the use of the anonymity 
feature, as traffic analysis often requires a known context to make sense 
of patterns. Without the knowledge of who is communicating, an 
eavesdropper's attempts at interpreting patterns can be frustrated.

ScatterChat v1.0.x remains safe to use in the overwhelming majority of 
cases. However, for high risk, non-technical users, i.e., users operating 
behind national firewalls, we recommend extra caution.


ADDITIONAL INFORMATION

The information has been provided by Steven Murdoch.
The original article can be found at:  
<http://www.cl.cam.ac.uk/users/sjm217/> 
http://www.cl.cam.ac.uk/users/sjm217/



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NEWS] ScatterChat Cryptanalytic Attack Vulnerability, SecuriTeam <=
Previous by Date:  [NT] Vulnerabilities in Microsoft Office Allow Code Execution (MS06-048), SecuriTeam
Next by Date:  [UNIX] Calendarix calpath File Inclusion, SecuriTeam
Previous by Thread:  [NT] Vulnerabilities in Microsoft Office Allow Code Execution (MS06-048), SecuriTeam
Next by Thread:  [UNIX] Calendarix calpath File Inclusion, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]