On Fri 2015-06-05 10:58:55 -0400, sajolida wrote:
> intrigeri:
>> the Tor Browser dev team is preparing a 4.5.2 release to fix Logjam.
>> GeKo tells me that "the fix for ESR landed last week but mozilla does
>> not deem that important enough to make a chemspill" and "so we
>> basically cherry-picked the patches only".
>
> So Mozilla didn't bother to fix it as an emergency, but TBB does. Do we
> know more about the motivations of Firefox and TBB to decide that? Does
> this attack have some special power in the context of TBB?
>
>> Has anyone here a strong opinion wrt. putting out an emergency Tails
>> 1.4.x release? What are you folks motivation and availability to make
>> it happen?
>
> No strong opinion, but not really available either :(

I've been arguing that smaller DHE groups are likely too weak to rely on
for over a year now.  On the client side (the side that matters for
browsers in Tails), the logjam attacks can mainly be mitigated by just
increasing the minimum cutoff for the size of acceptable DHE moduli.
This is not a complicated fix, really.

In logjam, users are vulnerable to web sites that are misconfigured
enough to propose (and accept) bad ciphersuites.  The fix is to tell the
browser to not accept these weak connections.

I doubt the attack has any special power in the context of TBB itself,
but the environment in which TBB is used might be relevant.

 a) attackers might target connections coming out of tor exit nodes going to
    sloppy/vulnerable servers, and

 b) tor users are more delay-tolerant than non-tor users; so an attacker
    could mount some of the more-sophisticated MITM attacks that require
    online DHE cracking of small groups with a higher probability of
    success.

> I don't feel qualified enough to judge the importance of that bug...
>
> Regarding our schedule 1.4.1 is planned to be released on June 30 (25
> days from now). The vulnerability has been announced on May 20 (16 days
> ago). When would 1.4.X be released? During how many days would this
> emergency be used?

As the weakdh authors say, the ability to mount weakdh-style attacks
requires non-negligible cryptographic sophistication.  It seems likely
that parties with this kind of skill, network reach, and motivation will
be already using these attacks.

I don't know how many attackers will come up to speed between now and
the 30th, in terms of additional exposure, but it's not the sort of
attack that your average script kiddie can set up on the local wifi in a
day either (i haven't seen or heard of any weaponized versions of it).

I'd say fixing this would be a good thing, and doing so sooner is better
if it doesn't come at the expense of the quality of 1.4.1. otoh, i don't
have the time or expertise to help with rolling a new release, and i
understand what it's like to have scheduling constraints.  Just wanted
to give a sense of why this might be relevant for Tails.

Thanks to all for your work on Tails,

     --dkg
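
The client-side mitigation described in the message above (a minimum cutoff on the size of acceptable DHE moduli), sketched as an added example that is not part of the original e-mail and is not Firefox, NSS or Tor Browser code. It parses the TLS 1.2 `ServerDHParams` fields (`dh_p`, `dh_g`, `dh_Ys`) and rejects small groups; the 1024-bit cutoff, the function names and the sample moduli are assumptions made for illustration.

```python
import struct

MIN_DH_BITS = 1024  # assumed cutoff for this example; the message names no value


class WeakDHGroup(Exception):
    """Server proposed a DHE modulus below the client's minimum size."""


def _vec(buf, off):
    # TLS opaque<1..2^16-1>: 2-byte big-endian length, then that many bytes
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("bad vector length")
    return int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n


def check_server_dh_params(buf, min_bits=MIN_DH_BITS):
    """Parse dh_p, dh_g, dh_Ys; return the modulus size in bits or raise."""
    p, off = _vec(buf, 0)
    g, off = _vec(buf, off)
    ys, off = _vec(buf, off)  # any signature bytes after dh_Ys are ignored here
    bits = p.bit_length()  # significant bits only: zero padding cannot inflate it
    if bits < min_bits:
        raise WeakDHGroup(f"{bits}-bit DHE modulus is below the {min_bits}-bit minimum")
    if not (1 < g < p - 1 and 1 < ys < p - 1):
        raise ValueError("generator or public value out of range")
    return bits


def encode_params(p, g, ys, p_len=None):
    """Build constructed sample input; p_len left-pads dh_p with zero bytes."""
    out = b""
    for i, v in enumerate((p, g, ys)):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        if i == 0 and p_len:
            raw = raw.rjust(p_len, b"\x00")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed moduli of the right size only (odd numbers, not vetted primes).
SAMPLE_2048 = encode_params((1 << 2047) | 1, 2, 4)
SAMPLE_512 = encode_params((1 << 511) | 1, 2, 4)
SAMPLE_512_PADDED = encode_params((1 << 511) | 1, 2, 4, p_len=256)
```

The padded sample shows why the check counts significant bits rather than the encoded length: a 512-bit modulus sent in a 256-byte field is still rejected.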