[Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress [drama]

travis+ml-noisebridge at subspacefield.org
Tue Sep 28 23:06:10 UTC 2010


On Tue, Sep 28, 2010 at 03:54:17PM -0500, Sai wrote:
> Incidentally, re http://decloak.net - anyone know why HD Moore has the
> second usage of the secret in the md5 hash? (md5("secret" .
> $_SERVER['REMOTE_ADDR'] . $_SERVER['REMOTE_PORT'] . time() .
> "secret");)
> AFAICT this is pure voodoo, unless md5 is a non-perfect hash in some
> way that's not clear to me.

It's an attempt to prevent length-extension attacks, as mentioned
later in the thread.

I have an illustration of it towards the end of this:

http://www.subspacefield.org/security/web_20_crypto/web_20_crypto.pdf

That presentation was the inspiration for Thai to do this:

http://netifera.com/research/flickr_api_signature_forgery.pdf

TL;DR: My diagram of the attack is figure 2 there.

Summary of problem: Attacker given H(S|val1) and val1, but not S.
Attacker wants to create H(S|val2) where val2!=val1.  So yes, the
attack works against H(S|x) as an _authentication_ mechanism.

But Moxie's right, this is a poor man's HMAC; the problem with
H(val|S) and even H(S|val|S) is that you can substitute two colliding
values for one another and still pass the check.  In practice, it's
unlikely that val|S (or some prefix thereof) would be a partner in a
collision, but cryptographers are perfectionists.

Along similar lines, they've let it be known that hashes like MD5 or SHA1 are
broken, but it's only their collision resistance that's borked, and
not (to my knowledge) their preimage resistance, which is what people
use them for.  And speaking of preimage resistance, segue to:

Sai, I think you're confusing this with salting hashes, which is a
tool to slow down password guessing (dictionary attacks and brute
forcing).  That's a completely different problem, where you're trying
to guess the preimage (input) based on the image (output).  Those are
described here:

http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc28.4.3
-- 
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
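The forgery against H(S|val) summarised above, worked through in code. This is an added example, not code from the thread or from decloak.net: MD5's compression function is reimplemented (hashlib cannot resume from a chaining state), and the secret, val1, val2 and the attacker's knowledge of len(S) are constructed assumptions. The naive verifier accepts the extended message; the HMAC verifier, the fix the thread points at, rejects it.

```python
import hashlib, hmac, math, struct

# MD5 per-round rotation amounts and sine-derived constants (RFC 1321).
_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
_K = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xFFFFFFFF for i in range(64)]

def _rotl(x, c):
    return ((x << c) | (x >> (32 - c))) & 0xFFFFFFFF

def _compress(state, block):
    # One MD5 compression: absorb a 64-byte block into the 4-word chaining state.
    a, b, c, d = state
    m = struct.unpack('<16I', block)
    for i in range(64):
        if i < 16:   f, g = (b & c) | (~b & d), i
        elif i < 32: f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48: f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:        f, g = c ^ (b | (~d & 0xFFFFFFFF)), (7 * i) % 16
        f = (f + a + _K[i] + m[g]) & 0xFFFFFFFF
        a, d, c, b = d, c, b, (b + _rotl(f, _S[i])) & 0xFFFFFFFF
    return [(x + y) & 0xFFFFFFFF for x, y in zip(state, (a, b, c, d))]

def md5_padding(msg_len):
    # Merkle-Damgard padding: 0x80, zeros to 56 mod 64, then the 64-bit LE bit length.
    return b'\x80' + b'\x00' * ((55 - msg_len) % 64) + struct.pack('<Q', msg_len * 8)

def length_extend(known_digest_hex, known_len, suffix):
    """From md5(S|val1) and len(S|val1) alone, return (glue, md5(S|val1|glue|suffix))."""
    state = list(struct.unpack('<4I', bytes.fromhex(known_digest_hex)))  # resume the chain
    glue = md5_padding(known_len)            # the padding the real hash already absorbed
    tail = suffix + md5_padding(known_len + len(glue) + len(suffix))
    for i in range(0, len(tail), 64):
        state = _compress(state, tail[i:i + 64])
    return glue, struct.pack('<4I', *state).hex()

def naive_check(secret, msg, tag):
    # The H(S|val) scheme the thread discusses: extensible, so forgeable without S.
    return hmac.compare_digest(hashlib.md5(secret + msg).hexdigest(), tag)

def hmac_check(secret, msg, tag):
    # The real fix: HMAC's nested keyed structure is not length-extensible.
    return hmac.compare_digest(hmac.new(secret, msg, hashlib.md5).hexdigest(), tag)

def demo(secret=b'constructed-secret', val1=b'item=7', val2=b'&qty=2'):
    tag1 = hashlib.md5(secret + val1).hexdigest()           # attacker is given H(S|val1), val1
    glue, forged = length_extend(tag1, len(secret) + len(val1), val2)
    val2_msg = val1 + glue + val2                            # val2 != val1, tag made without S
    return naive_check(secret, val2_msg, forged), hmac_check(secret, val2_msg, forged)
```

The glue bytes (0x80 and zeros) ride along inside the forged value, which is why this does not break H(val|S) but does break H(S|val); the HMAC check rejects it regardless of how the attacker pads.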