Field slide attacks and how to avoid them.

Ben Laurie ben at algroup.co.uk
Sun Sep 9 13:56:36 EDT 2001


Amir Herzberg wrote:
> 
> John says,
> 
> > I've been noticing a lot of ways you can mess up a cryptographic
> > protocol due to the "sliding around" of fields within a signed or
> > MACed message.  The classic example of this is the old attack on PGP
> > fingerprints, which let you use some odd keysize, and thus get two
> > different keys (with different keysizes) with the same hash, without
> > breaking the hash function.  (The raw bits of the two keys are the
> > same, but the fields are broken up differently.)
> 
> Use a MAC function properly designed to prevent such attacks, such as HMAC
> http://www.ietf.org/rfc/rfc2104.txt.

I think you are missing the point. What John is talking about is where
two fields are banged up against each other before MACing, so 123 and
45678 gives the same MAC as 12345 and 678, no matter how good your MAC
function is.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
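
Added example, not part of the original post: the 123/45678 versus 12345/678 collision from the message above, reproduced with HMAC-SHA256 over plain concatenation, next to a length-prefixed encoding that keeps the field boundaries inside the MACed bytes. The key, the function names and the 4-byte big-endian framing are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the post

# The two field splits named in the post
SPLIT_A = [b"123", b"45678"]
SPLIT_B = [b"12345", b"678"]


def mac_concat(key, fields):
    """HMAC over fields placed back to back: boundaries are not authenticated."""
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()


def encode_fields(fields):
    """Injective encoding: field count, then each field behind a 4-byte length."""
    out = [struct.pack(">I", len(fields))]
    for field in fields:
        out.append(struct.pack(">I", len(field)))
        out.append(field)
    return b"".join(out)


def mac_framed(key, fields):
    """HMAC over the length-prefixed encoding, so a moved boundary changes the tag."""
    return hmac.new(key, encode_fields(fields), hashlib.sha256).digest()


def verify_framed(key, fields, tag):
    """Constant-time check of a tag against the framed encoding of the fields."""
    return hmac.compare_digest(mac_framed(key, fields), tag)


if __name__ == "__main__":
    # Same MACed bytes, so the same tag, however strong the MAC is.
    print("concat tags equal:", mac_concat(KEY, SPLIT_A) == mac_concat(KEY, SPLIT_B))
    # With framing, the tag for one split does not verify for the other.
    tag = mac_framed(KEY, SPLIT_A)
    print("framed tag verifies for A:", verify_framed(KEY, SPLIT_A, tag))
    print("framed tag verifies for B:", verify_framed(KEY, SPLIT_B, tag))
```

Any injective encoding of the field list works equally well; the fixed-width length prefix is one simple choice.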


