Changes between Version 5 and Version 6 of VORACLE


Ignore:
Timestamp:
10/04/18 15:12:22 (5 years ago)
Author:
tct
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • VORACLE

    v5 v6  
    2525Without compression the length of the encrypted packets does not change, so Eve cannot gain any information. (Strictly speaking the length changes if Eve's password length changes but that gives no additional information)
    2626
    27 The real world attacks are more complicated and need to take in account the specific circumstances (e.g. HTTPS or VPN) but they rely on the same principle as demonstrated in this simple example.
     27The real world attacks are more complicated and need to take into account the specific circumstances (e.g. HTTPS or VPN) but they rely on the same principle as demonstrated in this simple example.
    2828
    2929=== Compression is **NOT** enabled by default ===
     
    3131It is important to know that compression has never been enabled by default.  An OpenVPN configuration (implying both the local and remote side) must explicitly enable compression.
    3232
    33 These options here covers what is called the OpenVPN Data Channel in the wire protocol.  The data channel is used to transfer network traffic from one side to the other side.  OpenVPN also uses a Control Channel, where the TLS protocol is used.  OpenVPN has disabled compression explicitly inside the Control Channel explicitly since OpenVPN 2.3.9 and OpenVPN 2.4.0 when compiled against OpenSSL.  The compression on the Control Channel is not configurable.  OpenVPN compiled against mbed TLS and PolarSSL has no support for modifying compression on the Control Channel, but it is disabled by default in the compiling process of the mbedTLS/PolarSSL library. No payload packets are sent over this channel and communication is strictly between openvpn server and client, making chosen plaintext like BEAST, CRIME and VORACLE extremely difficult for the Control Channel.
     33The options here cover what is called the OpenVPN Data Channel in the wire protocol.  The data channel is used to transfer network traffic from one side to the other side.  OpenVPN also uses a Control Channel, where the TLS protocol is used.  OpenVPN has **explicitly** disabled compression inside the Control Channel since OpenVPN 2.3.9 and OpenVPN 2.4.0 when compiled against OpenSSL.  The compression on the Control Channel is not configurable.  OpenVPN compiled against mbedTLS and PolarSSL has no support for modifying compression on the Control Channel, but it is disabled by default in the compiling process of the mbedTLS/PolarSSL library. No payload packets are sent over this channel and communication is strictly between openvpn server and client, making chosen plaintext like BEAST, CRIME and VORACLE extremely difficult for the Control Channel.
    3434
    3535== Mitigation ==
     
    6363
    6464
    65     This will stop the client from annoucing compression support (via `IV_LZO=1`, `IV_LZ4=1` etc) and only advertises stub support.
     65    This will stop the client from announcing compression support (via `IV_LZO=1`, `IV_LZ4=1` etc) and only advertises stub support.
    6666
    6767    If your connection stops working after this change your server does not respect the client capabilities.
     
    9696In most cases this is more a perceived need than a real need.
    9797
    98 - Most traffic is not compressible since it either already compressed (e.g. large downloads) or is encrypted and cannot be compressed
    99 - VPN compression is fairly inefficient compared to normal compression. Only one packet at a time (~1400) is compressed. It is always better compress data at a higher protocol layer
     98- Most traffic is not compressible since it is either already compressed (e.g. large downloads) or is encrypted and cannot be compressed.
     99- VPN compression is fairly inefficient compared to normal compression. Only one packet at a time (~1400 bytes) is compressed. It is always better compress data at a higher protocol layer.
    100100
    101101