[26429] in bugtraq
Re: VNC authentication weakness
daemon@ATHENA.MIT.EDU (Mike Porter)
Wed Jul 31 01:03:54 2002
Date: Tue, 30 Jul 2002 12:25:37 -0400 (EDT)
From: Mike Porter <mike@UDel.Edu>
To: Nate Lawson <nate@cryptography.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <5.1.0.14.2.20020729144054.00aec2d0@cryptography.securesites.com>
Message-ID: <Pine.SOL.4.44.0207301219450.5455-100000@copland.udel.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> To be more specific, there are two things you need in a challenge
> value: uniqueness and unpredictability. Lack of uniqueness allows an
> attacker to replay a past response to a future challenge. Predictability
> allows an attacker to pre-fetch a correct future response from one of the
> parties.
>
> A counter provides perfect uniqueness (up to its maximum range) but easy
> predictability. A physical random source provides great unpredictability

A counter is acceptable if it and a value from the entropy pool are
run through MD5 or SHA1. The "seed" or current state of the
entropy pool must of course be kept in a secure fashion and not
revealed. You must not ever re-issue a challenge, etc. The
counter must be used properly and not allowed to wrap without some
sort of reseeding operation. Otherwise, you will violate the
previous condition.

I have hardly covered all the points. A good paper seems to be:
http://www.counterpane.com/yarrow.html.

Mike
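
The construction described in this reply, as an added example that is not part of the original message: a counter hashed together with a secret value drawn from the entropy source, with a forced reseed before the counter can wrap, shown beside the wrapping variant the reply warns against. The class and function names, the 16-byte challenge length, the 32-byte seed and the use of os.urandom as the entropy pool are assumptions made for illustration.

```python
import hashlib
import os
import struct


class ChallengeGenerator:
    """Challenge = H(secret seed || counter); reseed before the counter wraps."""

    def __init__(self, counter_bits=32, entropy=os.urandom, hash_name="sha1"):
        assert 1 <= counter_bits <= 64
        self._entropy = entropy            # assumption: OS CSPRNG stands in for the pool
        self._hash_name = hash_name        # the message names MD5 or SHA1
        self._limit = 1 << counter_bits    # number of challenges allowed per seed
        self.reseeds = 0
        self._reseed()

    def _reseed(self):
        self._seed = self._entropy(32)     # secret state, never sent to the peer
        self._counter = 0
        self.reseeds += 1

    def next_challenge(self, length=16):
        if self._counter >= self._limit:   # counter exhausted: take a fresh seed first
            self._reseed()
        h = hashlib.new(self._hash_name)
        h.update(self._seed)
        h.update(struct.pack(">Q", self._counter))
        self._counter += 1
        return h.digest()[:length]


def naive_challenges(seed, counter_bits, n):
    """Failure mode: fixed seed and a counter that silently wraps."""
    mask = (1 << counter_bits) - 1
    return [hashlib.sha1(seed + struct.pack(">Q", i & mask)).digest()[:16]
            for i in range(n)]


if __name__ == "__main__":
    gen = ChallengeGenerator(counter_bits=2)          # tiny counter to force reseeds
    safe = [gen.next_challenge() for _ in range(10)]
    print("reseeding generator:", len(set(safe)), "unique of", len(safe))
    bad = naive_challenges(b"\x00" * 32, 2, 8)        # constructed seed, demo only
    print("wrapping counter:   ", len(set(bad)), "unique of", len(bad))
```

With a 2-bit counter the wrapping variant re-issues its first challenge on the fifth request, which is the replay condition from the quoted text; the reseeding generator keeps every challenge distinct.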