X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; q=dns; s=default; b=iAD5g
	0173YXTVyqQTOZtY+6hG8fOXnVBACSGGI2SdW+75+40RXBjqtBv+XU6Gd8s/8JyF
	KG6fBp6CK/+lLfBHpA85KAIFXFtM8P5tId9SWYAO3D2GDEqRekBr9W7mpgb+lzey
	GgKcC5+vAHQRdyx5//zDXr6UnjY8LqaKKeBbYo=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; s=default; bh=OfRPeQZl09C
	oxhHmNsa5CAxO/wA=; b=ROU2Xi3OE9RMXsb3DnwV9fCa7tKC15ePo0iA9veNFPT
	N3siiVqn4NFlgsX5TUTLzF6lTf6qA7wrQPUmTkcjY9OTJoVDhVWEbAKMEcZrRgng
	u1P4PvTo/9ahatRw1FoKxYD4PXzqY6uUkBfu0MloRUJForAvPOSSOlX6w/lfEXAg
	=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail-in-06.arcor-online.net
X-DKIM: Sendmail DKIM Filter v2.8.2 mail-in-09.arcor-online.net 3l0Y6R2VNyzDYYF
From: Achim Gratz <Stromeko AT nexgo DOT de>
To: cygwin AT cygwin DOT com
Subject: Re: How Cygwin counters man-in-the-middle (MITM) attacks
References: <E1YUgpo-0002Wt-L5 AT rmm6prod02 DOT runbox DOT com>
Date: Sun, 08 Mar 2015 20:44:30 +0100
In-Reply-To: <E1YUgpo-0002Wt-L5@rmm6prod02.runbox.com> (David A. Wheeler's	message of "Sun, 08 Mar 2015 15:25:56 -0400 (EDT)")
Message-ID: <874mpvqnoh.fsf@Rainer.invalid>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain

David A. Wheeler writes:
>    I checked Cygwin.com's SSL/TLS implementation using Qualsys
>    ( https://www.ssllabs.com/ssltest/ ). Cygwin.com got an overall rating
>    of "B" (capped because it permits the RC4 cipher).

That's not what I see at the moment, so you might want to check again:

Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-08 20:38 CET
Nmap scan report for cygwin.com (209.132.180.131)
Host is up (0.21s latency).
rDNS record for 209.132.180.131: server1.sourceware.org
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=cygwin.com/organizationName=Red Hat Inc./stateOrProvinceName=North Carolina/countryName=US
| Issuer: commonName=DigiCert SHA2 High Assurance Server CA/organizationName=DigiCert Inc/countryName=US
| Public Key type: rsa
| Public Key bits: 4096
| Not valid before: 2014-05-15T23:00:00+00:00
| Not valid after:  2016-05-20T11:00:00+00:00
| MD5:   d888 b3ed 9f0f f8d1 5b57 fdd7 5122 bb53
|_SHA-1: 349e 7f24 e249 2256 af2d 15a9 2883 ce84 4a40 a88f
| ssl-enum-ciphers: 
|   SSLv3: No supported ciphers found
|   TLSv1.0: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_IDEA_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_SEED_CBC_SHA - strong
|     compressors: 
| 
|   TLSv1.1: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_SEED_CBC_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|     compressors: 
|       NULL
|_  least strength: weak

> 5. The possibly-updated packages to be installed are downloaded and their
>    cryptographic hashes (from the signed setup.ini file) are checked.
>
>    Currently (as of 2015-03-08) Cygwin uses MD5 cryptographic hashes.
>    As long as MD5 is accepted then Cygwin is vulnerable to
>    MITM, because MD5 is a totally broken algorithm. E.g., in 2012
>    the Flame malware exploited MD5 to fake a Microsoft digital signature.

Setup.ini also records the file size, so a successful attack would need
to pack a malicous payload into a valid archive of the same size and the
same MD5 checksum.  I think that is a much taller order than simply
creating a hash collision.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple