One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography
Download: Paper (PDF)
Date: 24 Apr 2013
Document Type: Presentations
Additional Documents: Slides
Associated Event: NDSS Symposium 2013
Often a cryptographic standard offers a choice between several algorithms to perform the same cryptographic task, including secure state-of-the-art cryptosystems, as well as insecure legacy cryptosystems with known vulnerabilities that are made available for backwards compatibility reasons. Obviously using insecure legacy cryptosystems is dangerous. However, we show the less obvious fact that even if users have the best of intentions to use only the most up-to-date, vulnerability-free version of a system, the mere existence of support for old versions can have a catastrophic effect on security.