Yet Another SSL Attack – DROWN

As many of you know, I am not a big fan of SSL.  This week YET ANOTHER SSL attack was announced and patches for OpenSSL were released.  There is a HUGE gap between patches being released and software being deployed in all places that use the affected software.  It can take years.  And all that time, attackers can have their way with your data.

The attack, called DROWN for Decrypting RSA with Obsolete and Weakened eNcryption, has its own website and a logo.  Very catchy.

This is the third KNOWN attack against SSL in a year due to efforts made a long time ago by the government to weaken encryption.  Decades later, we are still fighting to recover from these efforts.

The FREAK attack went after EXPORT grade keys that were required a long time ago but are still supported by many browsers.

The LOGJAM attack goes after reduced strength, export legal, Diffie Hellman key exchange that is still part of the protocol.

This attack goes after SSL v2, which should have been turned off by anyone who is doing things remotely right.  Sadly, it is easy to test for (PM me for instructions or I will test for you).

This attack works EVEN if the browser is using the most current TLS – as long as the server supports SSL v2.
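The precondition described above is entirely on the server side: the client's TLS version is irrelevant if the server (or, as the DROWN researchers also showed, any other server sharing the same RSA key) still accepts SSL v2. Besides the online checkers the post mentions, an administrator can audit the configuration files directly. The script below is an added example written for this post, not a tool from the post or from the DROWN researchers; it resolves the protocol directives of Apache mod_ssl, nginx and Postfix the way those daemons do and flags any directive that still admits SSLv2 (or SSLv3). It assumes Apache 2.2-era semantics, where `all` still included SSLv2, and the historical Postfix behaviour where an empty `smtpd_tls_protocols` allows every protocol; the config snippets inside are constructed samples.

```python
"""
Offline audit of TLS protocol directives (Apache mod_ssl, nginx, Postfix).
Flags any server configuration that still admits SSLv2, the precondition
for DROWN, or SSLv3. Constructed example for this post, not a vendor tool.
"""
import re

# Assumption: model Apache 2.2-era mod_ssl, where "all" still expanded to SSLv2.
APACHE_ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
# Assumption: historical Postfix, where an empty smtpd_tls_protocols meant "everything".
POSTFIX_ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
OBSOLETE = {"SSLv2", "SSLv3"}
CANON = {p.lower(): p for p in APACHE_ALL}  # mod_ssl compares names case-insensitively


def apache_protocols(args):
    """Resolve an SSLProtocol argument string the way mod_ssl does:
    '+name' adds, '-name' removes, a bare name REPLACES the set built so far
    (mod_ssl logs 'overriding previous settings'), and 'all' expands."""
    enabled = set()
    for tok in args.split():
        action = ""
        if tok[0] in "+-":
            action, tok = tok[0], tok[1:]
        names = set(APACHE_ALL) if tok.lower() == "all" else {CANON.get(tok.lower(), tok)}
        if action == "+":
            enabled |= names
        elif action == "-":
            enabled -= names
        else:
            enabled = names
    return enabled


def nginx_protocols(args):
    """nginx's ssl_protocols lists exactly the protocols to enable."""
    return set(args.replace(";", "").split())


def postfix_protocols(value):
    """Postfix: an exclusion list ('!SSLv2, !SSLv3') is subtracted from
    everything; an inclusion list is taken literally; empty means everything."""
    toks = value.replace(",", " ").split()
    if not toks:
        return set(POSTFIX_ALL)
    excluded = {t[1:] for t in toks if t.startswith("!")}
    included = {t for t in toks if not t.startswith("!")}
    return (set(POSTFIX_ALL) - excluded) if excluded else included


DIRECTIVES = {
    # flavor: (regex capturing the directive's argument text, resolver)
    "apache": (re.compile(r"^\s*SSLProtocol\s+(.*?)\s*$", re.I | re.M), apache_protocols),
    "nginx": (re.compile(r"^\s*ssl_protocols\s+(.*?)\s*;?\s*$", re.M), nginx_protocols),
    "postfix": (re.compile(r"^\s*smtpd_tls_protocols\s*=\s*(.*?)\s*$", re.M), postfix_protocols),
}


def audit(text, flavor):
    """Return [(directive, enabled_protocols, obsolete_subset)] per directive found.
    An empty obsolete_subset means that directive is clean."""
    pattern, resolve = DIRECTIVES[flavor]
    results = []
    for m in pattern.finditer(text):
        enabled = resolve(m.group(1))
        results.append((m.group(0).strip(), enabled, enabled & OBSOLETE))
    return results


def report(text, flavor):
    """Human-readable verdict lines; SSLv2 is the DROWN precondition, so it fails outright."""
    out = []
    for directive, enabled, bad in audit(text, flavor):
        status = "FAIL (SSLv2 on: DROWN exposure)" if "SSLv2" in bad else ("WARN (SSLv3 on)" if bad else "ok")
        out.append(f"[{flavor}] {directive!r}: enables {sorted(enabled)} -> {status}")
    return out


# Constructed sample configs: the weak setting beside its corrected form.
WEAK_APACHE = "SSLEngine on\nSSLProtocol all\n"            # 2.2-era "all" still admits SSLv2
FIXED_APACHE = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n"
WEAK_NGINX = "ssl_protocols SSLv2 SSLv3 TLSv1;\n"           # old nginx default
FIXED_NGINX = "ssl_protocols TLSv1.2 TLSv1.3;\n"
WEAK_POSTFIX = "smtpd_tls_protocols =\n"                     # empty: everything allowed
FIXED_POSTFIX = "smtpd_tls_protocols = !SSLv2, !SSLv3\n"

if __name__ == "__main__":
    for cfg, flavor in [(WEAK_APACHE, "apache"), (FIXED_APACHE, "apache"),
                        (WEAK_NGINX, "nginx"), (FIXED_NGINX, "nginx"),
                        (WEAK_POSTFIX, "postfix"), (FIXED_POSTFIX, "postfix")]:
        print("\n".join(report(cfg, flavor)))
```

The mod_ssl replace-on-bare-token rule is the subtle part: `SSLProtocol TLSv1 TLSv1.2` enables only TLSv1.2, and `SSLProtocol all` on an old build silently keeps SSLv2 on, which is exactly the state this post is complaining about. A passing config audit is still only half the check, because the same RSA key on a forgotten second host can expose the cleaned-up one.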

Ars Technica did a little trolling and came up with 11 million web sites and email services impacted by this.

Researchers have said that they can use this attack to decrypt previously captured traffic, which makes it particularly nasty.

The researchers say that they can decrypt traffic using low cost techniques (about $400 of Amazon server time) in from minutes to hours in the worst case.

Three things make this especially problematic:

  1. We are still trying to get sites to fix the earlier two bugs – this is far from done.  In fact, people still haven’t fixed HEARTBLEED and it was a worse type of attack.
  2. USERS have no ability to fix this.  They are dependent on the server owner to fix it.  The good news is that moderately sophisticated users can use online tools to at least see if web or mail servers that they are using are impacted.
  3. And last, but probably most importantly, we are again in the middle of another war between tech companies and the government over weakening crypto.  It is all but guaranteed that such a weakening will cause more problems of this kind.

Hackers, of course, love this and send birthday and Valentines Day cards to their local federal prosecutors for making it much easier to hack people.

Of course politicians don’t understand technology – except, MAYBE, the FIVE people between the House and Senate that have computer science degrees.

Cryptography is EXTREMELY hard – at least if you want it to offer any real protection from hackers.  It is also VERY BRITTLE, meaning that even seemingly simple, minor changes can subtly break it in ways that are not obvious, and which may take us decades to detect – though not necessarily as long for the hackers to detect.

As we continue to see, if we mess with crypto in ways having nothing to do with improving it, we continue to break things.

FREAK exploited a weakness introduced to calm Federal law enforcement decades ago.

LOGJAM has been around for 20 years.

And now DROWN, which exploits a weakness that has existed since SSL v2 was introduced.  SSL v2 has been known to be insecure for 20 years, meaning it has been around for longer than that.

While these attacks were all discovered in the last year, the systems that use the affected protocols have been vulnerable for decades.

What we do not know is who knew about these vulnerabilities when.  The NSA – maybe OK.  The Chinese, Russians or North Koreans – likely not as OK.  Hackers who know about it now – definitely not OK.

Information for this post came from CSO and Ars Technica.
