[9257] in cryptography@c2.net mail archive
Re: Field slide attacks and how to avoid them.
daemon@ATHENA.MIT.EDU (Andrew Brown)
Tue Sep 11 13:24:11 2001
Date: Tue, 11 Sep 2001 13:19:15 -0400
From: Andrew Brown <atatat@atatdot.net>
To: "Kevin E. Fu" <fubob@MIT.EDU>
Cc: John Kelsey <kelsey.j@ix.netcom.com>,
cryptography@wasabisystems.com
Message-ID: <20010911131915.A26342@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200109102050.QAA05629@ultrasparc.mit.edu>; from fubob@MIT.EDU on Mon, Sep 10, 2001 at 04:50:07PM -0400
>The problem is that an ambiguous message is signed, making this attack
>possible:
>
>  (username, expiration)   ->  MAC signature
>  ----------------------       --------------------------
>  (Alice, 21-Apr-2001)     ->  MAC (Alice21-Apr-2001, key)
>  (Alice2, 1-Apr-2001)     ->  MAC (Alice21-Apr-2001, key)
>
>An adversary need only create an Alice2 account with an appropriate
>expiration time to forge an authenticator for the real Alice. In the
>real world, sites and systems like WSJ.com and ArsDigita ACS suffer
>from variants of this marshalling problem [1]. Just sign what you
>mean -- using a delimiter or variable name outside the message space
>is usually sufficient.
so change that to

  (username, expiration)   ->  MAC signature
  ----------------------       --------------------------
  (Alice, 21-Apr-2001)     ->  MAC (MAC(Alice), MAC(21-Apr-2001), key)
  (Alice2, 1-Apr-2001)     ->  MAC (MAC(Alice2), MAC(1-Apr-2001), key)

maybe?
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
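The collision from the quoted table, and two encodings that remove it, as an added example that is not part of the thread: the key, the length-prefixed encoding and the helper names are my assumptions; the nested-MAC variant follows Andrew's suggestion and works because each inner HMAC tag is fixed width, so the field boundary cannot move.

```python
import hmac
import hashlib

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def naive_tag(username: str, expiration: str) -> bytes:
    # MAC(username || expiration, key): the ambiguous marshalling from the
    # thread. "Alice"+"21-Apr-2001" and "Alice2"+"1-Apr-2001" are the same bytes.
    return mac(KEY, username.encode() + expiration.encode())


def length_prefixed_tag(username: str, expiration: str) -> bytes:
    # Unambiguous encoding (assumed here): each field is preceded by its
    # 4-byte big-endian length, so the boundary itself is part of what is signed.
    def enc(field: str) -> bytes:
        b = field.encode()
        return len(b).to_bytes(4, "big") + b

    return mac(KEY, enc(username) + enc(expiration))


def nested_tag(username: str, expiration: str) -> bytes:
    # Andrew's proposal: MAC each field separately, then MAC the concatenation
    # of the inner tags. Inner tags are fixed width (32 bytes for HMAC-SHA256),
    # so a byte cannot migrate from one field into the other.
    inner = mac(KEY, username.encode()) + mac(KEY, expiration.encode())
    return mac(KEY, inner)


def collides(tag_fn, a: tuple, b: tuple) -> bool:
    # True when two distinct (username, expiration) pairs yield the same tag.
    return a != b and hmac.compare_digest(tag_fn(*a), tag_fn(*b))


REAL = ("Alice", "21-Apr-2001")     # the legitimate account from the table
SHIFTED = ("Alice2", "1-Apr-2001")  # the same bytes split at a different point

if __name__ == "__main__":
    print("naive collides:          ", collides(naive_tag, REAL, SHIFTED))
    print("length-prefixed collides:", collides(length_prefixed_tag, REAL, SHIFTED))
    print("nested-MAC collides:     ", collides(nested_tag, REAL, SHIFTED))
```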