Protocol vulnerabilities discovered
Vulnerabilities described in this paper: https://www.hindawi.com/journals/scn/2022/4862571/

Suggestions for improvement: As described in Section 3, the attacker can obtain user parameters by capturing network traffic and traversing the captured parameters. Once the user parameters are obtained, the attacker can eavesdrop on all of that user's traffic, which seriously threatens data confidentiality. Because this is a passive attack, the user has no way of noticing it. To address these threats, the following suggestions to strengthen the security of the SS protocol are proposed:

(1) We recommend that users prefer shadowsocks(R), and that the obfuscation parameters and protocol parameters (including auth_AES128_MD5, auth_AES128_sha1, and auth_chain_a) always be configured when setting up the relay server.

(2) Choose an AEAD cipher instead of a stream cipher, i.e. one of AES-GCM-256, AES-GCM-192, AES-GCM-128, or CHACHA20-IETF.

(3) Shadowsocks(R) is not an encryption protocol designed by a government body. Its identity verification is therefore limited to the preshared key, and there is no forward secrecy. It is recommended that forward secrecy be added in an upgraded version.

(4) Shadowsocks(R) should use SM3 and SHA-3 in place of the existing hash algorithm and should add a salt value to the master key generation process.
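To make suggestion (4) concrete, the following added example (not code from the paper or from the shadowsocks(R) project) reimplements for illustration the unsalted MD5-based EVP_BytesToKey derivation that shadowsocks uses to turn the preshared password into the master key, and beside it a salted derivation built from HKDF over HMAC-SHA3-256; the salted function, its "ss-master-key" label and the sample password and salts are constructed for the example and are not part of any protocol version.

```python
import hashlib
import hmac

# Shadowsocks-style master key derivation, reimplemented here for illustration:
# OpenSSL's EVP_BytesToKey with MD5, one iteration and no salt. The same
# password therefore always yields the same master key on every server and
# in every session, which is the weakness suggestion (4) targets.
def evp_bytes_to_key(password: bytes, key_len: int) -> bytes:
    key = b""
    prev = b""
    while len(key) < key_len:
        prev = hashlib.md5(prev + password).digest()
        key += prev
    return key[:key_len]

# Salted alternative in the spirit of suggestion (4): HKDF (RFC 5869 extract
# then expand) built on HMAC-SHA3-256. This is a hypothetical design for the
# example, not something shadowsocks(R) ships.
def _hkdf_sha3_256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    prk = hmac.new(salt, ikm, hashlib.sha3_256).digest()  # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                              # expand step
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha3_256).digest()
        okm += block
        counter += 1
    return okm[:length]

def salted_master_key(password: bytes, salt: bytes, key_len: int = 32) -> bytes:
    # A per-server (or per-session) salt makes the derived key differ even when
    # the same preshared password is reused.
    return _hkdf_sha3_256(password, salt, b"ss-master-key", key_len)

def demo() -> dict:
    pw = b"correct horse battery staple"   # constructed sample password
    salt_a, salt_b = b"A" * 16, b"B" * 16   # constructed per-server salts
    return {
        "unsalted_equal": evp_bytes_to_key(pw, 32) == evp_bytes_to_key(pw, 32),
        "salted_differ": salted_master_key(pw, salt_a) != salted_master_key(pw, salt_b),
    }
```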