[9218] in cryptography@c2.net mail archive


RE: Field slide attacks and how to avoid them.

daemon@ATHENA.MIT.EDU (Amir Herzberg)
Sun Sep 9 11:17:23 2001

Message-ID: <078EE8822DCFD411AAA1000629D56ADC0B7ECC@IMP01>
From: Amir Herzberg <AMIR@newgenpay.com>
To: 'John Kelsey' <kelsey.j@ix.netcom.com>,
	cryptography@wasabisystems.com
Date: Sun, 9 Sep 2001 09:49:02 +0300 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"

John says, 

> I've been noticing a lot of ways you can mess up a cryptographic
> protocol due to the "sliding around" of fields within a signed or MACed
> message.  The classic example of this is the old attack on PGP
> fingerprints, which let you use some odd keysize, and thus get two
> different keys (with different keysizes) with the same hash, without
> breaking the hash function.  (The raw bits of the two keys are the same,
> but the fields are broken up differently.)

Use a MAC function properly designed to prevent such attacks, such as HMAC
http://www.ietf.org/rfc/rfc2104.txt.

Best, Amir Herzberg



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
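
An illustration of the field slide discussed in this thread, added here and not part of either poster's message: the same raw bytes split at two different field boundaries receive the same HMAC (RFC 2104) tag when the fields are simply concatenated, and different tags when each field is length-prefixed before the MAC. The key, field values and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread


def encode_concat(fields):
    """Ambiguous encoding: fields are simply run together."""
    return b"".join(fields)


def encode_length_prefixed(fields):
    """Unambiguous encoding: field count, then each field with a 4-byte length."""
    out = struct.pack(">I", len(fields))
    for f in fields:
        out += struct.pack(">I", len(f)) + f
    return out


def decode_length_prefixed(blob):
    """Inverse of encode_length_prefixed; rejects truncated or trailing data."""
    if len(blob) < 4:
        raise ValueError("truncated header")
    (count,) = struct.unpack_from(">I", blob, 0)
    pos, fields = 4, []
    for _ in range(count):
        if pos + 4 > len(blob):
            raise ValueError("truncated length")
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    if pos != len(blob):
        raise ValueError("trailing bytes")
    return fields


def tag(fields, encoder):
    """HMAC-SHA256 (RFC 2104 construction) over the encoded field list."""
    return hmac.new(KEY, encoder(fields), hashlib.sha256).digest()


# Constructed sample: same raw bytes, field boundary moved by one byte.
MSG_A = [b"alice", b"100"]
MSG_B = [b"alice1", b"00"]
```

The verifier should MAC the received bytes first and only then parse them with the strict decoder, so that the field boundaries it acts on are the ones the tag covers.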
