[8173] in bugtraq
Re: Referer (was Patches for wwwboard.pl)
daemon@ATHENA.MIT.EDU (Adam Shostack)
Mon Oct 12 15:34:24 1998
Date: Sat, 10 Oct 1998 15:31:35 -0400
Reply-To: adam@netect.com
From: Adam Shostack <adam@TWOFISH.NETECT.COM>
X-To: Michael Blythe <michael@CONFLUENCE-INC.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <v04011700b243d7ce7c46@[198.182.208.50]>; from Michael Blythe on
Fri, Oct 09, 1998 at 07:45:38AM -0800
Licoln's suggestion is very good, but can be improved by using
the hmac construction rather than md5(key, data). The hmac function
is documented in http://www-cse.ucsd.edu/users/mihir/papers/hmac.html,
or rfc2014.
An elegant proof of this is too large to fit in this note.
Adam
On Fri, Oct 09, 1998 at 07:45:38AM -0800, Michael Blythe wrote:
> >Since the referer information comes from the remote client, that doesn't
> >prevent malicious destruction. Anyone with netcat or telnet could forge the
> >referer field. It requires a little more expertise, but not much.
>
> In September's 'Web Techniques', Lincoln Stein dicscusses the problem of
> using the referer header as an authentication method for CGI scripts. He
> suggests using MD5 to check whether a form's fields have been tampered
> with. I'm not sure if this would work with the wwwboard, because of the way
> the script is passing info in hidden fields, but it will work in other
> applications:
>
> Here's an abbreviated version of his suggestions:
>
> 1. Choose a secret key.
> 2. Decide which form fields should be untamperable.
> 3. Optional: put in consistency-checking hidden fields.
> 4. Concatenate the key, the form fields, and the consitency-checking fields.
> Compute the MD5 hash* and convert it to a hexadecimal string.
> 5. Include within the form a new hidden field containing the hash.
> 6. When the form is returned to your script, make sure all expected fields
> are present, and that
> expected values are present in the consistency-checking fields.
> Recompute the MD5 hash and
> compare it to the one in the form field. If they match, "you can be
> pretty sure that the form
> hasn't been tampered with."
>
>
> * in perl, the MD5 hash can be computed as follows:
> $hash = MD5 -> hexhash(MD5->hexhash ($secret) "@untamperable @consistency");
>
> /mb
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
