Akamai Diversity

The Akamai Blog

Akamai Customers are not vulnerable to SLOTH

By Rich Salz

Akamai was informed of a new TLS vulnerability -- SLOTH -- by researcher Karthik Bharghaven. Akamai then worked with the researcher to confirm and fix the vulnerability in an expedient manner prior to public disclosure. Consequently, we minimized the chances of an exploit and have determined that Akamai customers are now not vulnerable to SLOTH.

SLOTH is a tricky attack against SSL/TLS connections that uses various protocol interactions in unexpected ways. The key point is that weak digests are used in SSLv2 (MD5), and that later versions of the protocol can be tricked into using those digests. It's important to know that the digests are used to protect the SSL/TLS messages exchanged between client and server.

This is not the same as the digest used to sign a certificate, which is less risky because the CA should completely control the content of the certificate that is being signed (other than the public key).

The message-protection is more risky because messages are sent between client and server, and both sides generate content. Therefore, an attacker can craft their messages to end up with a particular digest result and use that known value to impersonate other connections.

It is not enough to remove the MD5 digest from the methods offered during negotiation. The code to implement that for the handshake must be removed because an attacker could still choose it, even if it wasn't offered by the other side.

Akamai eliminated the vulnerability to SLOTH early in the "blackout period" to help best protect our customers and our platform. We will continue to participate in OpenSSL development, and work with leading security researchers like Karthik and his team. We will continue to do this to ensure that Akamai is well positioned to take the appropriate steps to protect our customers and help imrpove overall Web security.

For an interesting graphic on message digest lifetimes, see http://valerieaurora.org/hash.html. For the full technical details on SLOTH, see http://www.mitls.org/pages/attacks/SLOTH.