general defensive crypto coding principles

Travis H. solinym at gmail.com
Sat Feb 11 06:36:25 EST 2006


On 2/8/06, Jack Lloyd <lloyd at randombit.net> wrote:
> An obvious example occurs when using a
> deterministic authentication scheme like HMAC - an attacker can with high
> probability detect duplicate plaintexts by looking for identical tags.

I think though that the solution is fairly simple; prepend a
block-length random IV to the message and to the output of HMAC.

In fact, I've wondered if doing this on all hashes might be a good
defensive programming idea.  It seems to defend against attacks of the
sort which /etc/passwd was subject (dictionary cracking) in much the
same way that salt did*, and against guessing the plaintext for short
plaintexts even when the language is unknown.

[*]  Salts of course defended against hardware implementations by
perturbing the S-tables instead of altering the input.
--
"Cryptography is nothing more than a mathematical framework for discussing
various paranoid delusions." -- Don Alvarez
http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list