Hello all,

I'm working on a presentation about cryptography to give to the Open
Web Application Security Project (OWASP).  The reason why I'm giving
it is that I've seen web developers doing crypto a lot lately, and
they seem to be making some naive mistakes, like using ECB mode for
multi-block structures, using encryption when they should be using
MACs, and that kind of stuff.

I had originally intended to make the entire presentation on web
security failures, but found it time-consuming to locate information
about web-specific vulnerabilities...  they just aren't documented
well because they're usually in the application layer for a single
company, and so generally not shared widely.  So, I've thrown in some
non-web examples of application developers trying to invent their own
crypto and getting it wrong (LANMAN hashes, for example).

Anyway, I'd like some cryptographers to review my presentation to make
sure that I am giving solid advice.


In addition, I'm curious about:

Which hashes are currently vulnerable to length-extension attacks.  If
I recall Bruce Schneier's book "Practical Cryptography" correctly, he
stated that even SHA-1 was vulnerable.  Do any hashes in the SHA-2
family have protection against length extension?

Is it sufficient to have a one-way finalization function in your
Merkle-Damgård hash construction to prevent length extension attacks?

Obama Nation | It's not like I'm encrypting... it's more like I've
developed a massive entropy deficiency |
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
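The two questions above (which constructions are extendable, and whether a one-way finalization stops it) come down to one structural property: in a plain Merkle-Damgård hash the final chaining value is the digest, so anyone holding H(key || msg) also holds the internal state and can keep the chain going. The following is an added, constructed illustration, not code from the original post: a toy Merkle-Damgård hash whose compression function and 32-byte block size are stand-ins (it is not SHA-2), a verifier using H(key || msg), and the same verifier with two finalizations that hide the state: truncated output (the mechanism behind the SHA-2 members whose output is shorter than their chaining state, such as SHA-224 and SHA-512/256) and HMAC. All names, keys and messages are assumptions made up for the demo.

```python
"""Toy Merkle-Damgard hash (constructed for illustration, NOT SHA-2) showing
why H(key || msg) is extendable and why a one-way finalization that hides
the chaining value (truncation, or HMAC's outer hash) is not."""
import hashlib
import hmac
import struct

BLOCK = 32        # toy block size in bytes (constructed; SHA-256 uses 64)
STATE = 32        # chaining-value size in bytes
IV = b"\x00" * STATE
OUT_TRUNC = 16    # truncated variant exposes only half the chaining value


def compress(state: bytes, block: bytes) -> bytes:
    # One-way mixing of (state, block); sha256 is only a convenient mixer here.
    return hashlib.sha256(state + block).digest()


def md_pad(total_len: int) -> bytes:
    # MD strengthening: 0x80, zero fill, then the 64-bit message bit length,
    # sized so that total_len + len(pad) is a multiple of BLOCK.
    pad = b"\x80"
    while (total_len + len(pad) + 8) % BLOCK:
        pad += b"\x00"
    return pad + struct.pack(">Q", total_len * 8)


def toy_md(msg: bytes, state: bytes = IV, prior_len: int = 0) -> bytes:
    """Plain MD: the last chaining value IS the digest.  `state` and
    `prior_len` (a multiple of BLOCK) let the chain be resumed from a known
    chaining value, which is exactly the property length extension uses."""
    padded = msg + md_pad(prior_len + len(msg))
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state


def toy_md_truncated(msg: bytes) -> bytes:
    # One-way finalization by truncation: the digest no longer reveals the
    # full chaining value, so the chain cannot be resumed from it.
    return toy_md(msg)[:OUT_TRUNC]


def toy_hmac(key: bytes, msg: bytes) -> bytes:
    # HMAC structure (RFC 2104) on top of the toy hash: the outer hash acts
    # as a keyed finalization of the inner digest.
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return toy_md(opad + toy_md(ipad + msg))


# The three tag schemes a server might use.
def weak_tag(key: bytes, msg: bytes) -> bytes:        # H(k || m): extendable
    return toy_md(key + msg)


def truncated_tag(key: bytes, msg: bytes) -> bytes:   # H(k || m) with hidden state
    return toy_md_truncated(key + msg)


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    return toy_hmac(key, msg)


def extension_attempt(orig_msg: bytes, orig_tag: bytes, key_len: int,
                      suffix: bytes, truncated: bool = False):
    """Resume the chain from the tag alone (the key itself is never used,
    only its length): forged message = orig_msg || glue padding || suffix.
    For the truncated scheme the hidden half of the state is unknown and is
    filled with zeros as a stand-in for a guess."""
    glue = md_pad(key_len + len(orig_msg))
    forged_msg = orig_msg + glue + suffix
    prior = key_len + len(orig_msg) + len(glue)      # multiple of BLOCK
    state = orig_tag.ljust(STATE, b"\x00")
    forged_tag = toy_md(suffix, state=state, prior_len=prior)
    return forged_msg, (forged_tag[:OUT_TRUNC] if truncated else forged_tag)


def verify(scheme, key: bytes, msg: bytes, tag: bytes) -> bool:
    # Constant-time comparison, as a verifier should do regardless of scheme.
    return hmac.compare_digest(scheme(key, msg), tag)


def demo(key: bytes = b"server-secret-key",               # constructed
         msg: bytes = b"user=alice&session=42",            # constructed
         suffix: bytes = b"&flag=extended") -> dict:
    """Returns whether each verifier accepts the extended message."""
    results = {}
    for name, scheme, trunc in (("weak", weak_tag, False),
                                ("truncated", truncated_tag, True),
                                ("hmac", hmac_tag, False)):
        genuine = scheme(key, msg)
        forged_msg, forged_tag = extension_attempt(msg, genuine, len(key),
                                                   suffix, truncated=trunc)
        results[name] = verify(scheme, key, forged_msg, forged_tag)
    return results


if __name__ == "__main__":
    print(demo())   # expected: {'weak': True, 'truncated': False, 'hmac': False}
```

The weak scheme accepts the extended message because the verifier's own recomputation walks through the same blocks the forger resumed from. Truncation and HMAC both fail the attempt for the same reason: the tag no longer equals a chaining value the hash can be restarted from. Note that the forged message always contains the glue padding bytes, which is why extension only matters for protocols whose message format tolerates them; treating it as a property of the hash rather than the parser, and using HMAC (or an AEAD) for authentication, avoids having to reason about that at all.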

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
