First and most importantly: AWS customers, and AWS itself, don't need to do anything. There has been no impact to AWS services at any point. The research is impressive, but it doesn't affect our configuration or operational environment.
The researchers found two issues. One is a code bug, but we were able to categorize the impact as "NONE" because the code is only used in compatibility testing. This issue was also found independently as part of an internal research effort. More on that later.
The second is a new general approach to targeting pseudo-constant time code using caching effects. It affects the "old" AES-CBC cipher suites. It's very difficult to do in real-world settings, you need network man-in-the-middle, access to the same CPU, favorable conditions, etc.
The overwhelming majority of clients, browsers, the SDK and so on, use AES-GCM and are not even theoretically impacted. For the remaining small percent using AES-CBC, based on our guidelines, we classed the issue as "LOW" impact for s2n. But again, there's actually no AWS impact.
Our "fix" for this issue is most likely going to be just not implementing AES-CBC any more. It's now increasingly less common, and we can use KTLS and BoringSSL's implementations where we need it.
As the paper calls out: s2n's approach to implementing AES-CBC has been to use pseudo-constant-time code, rather than fully constant time. Our reasons for using PCT code are that it is far easier to audit and we must worry about introducing much worse bugs by having a lot of CT code.
I hope that topic gets more research! It's a hard trade-off to balance. OpenSSL's CT approach also broke, leading to LuckyMinus20, arguably a more serious issue than the one it was meant to fix. The real answer is to use algorithms designed for CT! Thankfully AES-GCM is better.
Last tweet for now! PR for our SHA384 changes: https://github.com/awslabs/s2n/pull/824 …