[Cryptography] Langsec & authentication
James A. Donald
jamesd at echeque.com
Mon May 26 17:42:25 EDT 2014
On 2014-05-27 04:23, Judson Lester wrote:
> I've been fascinated to discover and read about the langsec movement
> in the wake of heartbleed. The fundamental ideas seem sound, but
> there's at least one question I have but haven't seen addressed
> anywhere.
>
> As I understand it, the langsec position is that specifying your
> protocol language to be as easy to parse as possible, in Chomsky
> hierarchy terms, has direct security implications - if the uppermost
> surface of your networked application doesn't have to include a Turing
> machine, that severely limits an avenue of attack on that application.
>
> What confuses me is trying to align this with a principle of
> cryptography that you should only authenticate what you mean, as
> opposed to authenticating a particular series of bytes, especially in
> the face of langsec sites that recommend the use of JSON after having
> argued convincingly against ASN.1 DER.

ASN.1 DER contains a Turing machine in which the attacker can execute
code that you never imagined.

With ASN.1 PER that Turing machine is executed at compile time, and at
run time is no longer around, so your attacker cannot use it.

This is like the difference between using SQL (injection attacks) and
compiled SQL.

Just as SQL is extraordinarily vulnerable to attack, while compiled SQL
and stored SQL procedures are normally invulnerable to attack, ASN.1 DER
is extraordinarily vulnerable, while ASN.1 PER is normally invulnerable.
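
Added example, not part of the original post or thread: the tension raised in the quoted question, between authenticating a particular series of bytes and authenticating what you mean, shown for JSON. The key, the sample messages, the helper names and the sorted-key canonical form are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def _reject_duplicates(pairs):
    """Strict recognizer step: refuse objects that repeat a key."""
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise ValueError(f"duplicate key: {name!r}")
        obj[name] = value
    return obj


def parse_strict(raw: bytes):
    """Parse JSON, rejecting inputs whose meaning depends on the parser."""
    return json.loads(raw.decode("utf-8"), object_pairs_hook=_reject_duplicates)


def canonical(value) -> bytes:
    """One byte string per value: sorted keys, no optional whitespace."""
    return json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True, allow_nan=False).encode("ascii")


def mac_bytes(raw: bytes) -> str:
    """Authenticate the exact bytes received."""
    return hmac.new(KEY, raw, hashlib.sha256).hexdigest()


def mac_meaning(raw: bytes) -> str:
    """Authenticate the parsed value via its canonical encoding."""
    return mac_bytes(canonical(parse_strict(raw)))


# Constructed sample messages: same meaning, different bytes.
MSG_A = b'{"to": "alice", "amount": 10}'
MSG_B = b'{"amount":10,"to":"alice"}'
# Constructed ambiguous message: JSON parsers differ on which "amount" wins.
MSG_DUP = b'{"to": "alice", "amount": 10, "amount": 9999}'

if __name__ == "__main__":
    print(mac_bytes(MSG_A) == mac_bytes(MSG_B))      # byte-level MACs differ
    print(mac_meaning(MSG_A) == mac_meaning(MSG_B))  # meaning-level MACs agree
```

The duplicate-key message is refused by `parse_strict` before any MAC is computed, so a tag is never issued over input that two parsers could read differently.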