general defensive crypto coding principles
Ben Laurie
ben at algroup.co.uk
Sun Feb 12 12:40:27 EST 2006
Travis H. wrote:
> On 2/8/06, Jack Lloyd <lloyd at randombit.net> wrote:
>> An obvious example occurs when using a
>> deterministic authentication scheme like HMAC - an attacker can with high
>> probability detect duplicate plaintexts by looking for identical tags.
>
> I think though that the solution is fairly simple; prepend a
> block-length random IV to the message and to the output of HMAC.
>
> In fact, I've wondered if doing this on all hashes might be a good
> defensive programming idea. It seems to defend against attacks of the
> sort which /etc/passwd was subject (dictionary cracking) in much the
> same way that salt did*, and against guessing the plaintext for short
> plaintexts even when the language is unknown.
It also defends against the MD5 crack, and is one of the recommended
IETF solutions to hash problems.
--
http://www.links.org/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list