--- Eric Rescorla <[EMAIL PROTECTED]> wrote:
> > Heck, if you could find a security flaw in LibTomNet [v0.03] I'll buy
> > you a beer.
> Your protocol does not appear to have any protection against
> active attacks on message sequence, including message deletion,
> replay, etc. True, the attacker can't inject *predictable* plaintext,
> but he can inject garbage plaintext and have it accepted as real.

No he can't. You need a correct HMAC for the data to be accepted. This allows a replay attack, which I should fix. One beer. Ultimately, though, the plaintext won't match if you replay, so it's only half a bug [though a bug that must be fixed].

> Your protocol is susceptible to truncation attack via TCP FIN
> forging.

I don't even know what that is, but my protocol must read an entire block before parsing it.

> Your server doesn't generate any random values as part of the
> handshake, thus, leaving you open to full-session replay attack.

Which is why people should use some authentication scheme on top of this. Note that the server has no clue who you are after making the connection. This is intentional.

So if you are in the area [or at Crypto'03] I'll buy you a beer.

Tom

---------------------------------------------------------------------
The Cryptography Mailing List
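The two gaps Eric points at (no sequence protection under the HMAC, no server-side randomness in the handshake) are easy to see in code. The following is an added illustration written for this thread, not LibTomNet's code: a toy record layer where a sequence number is bound under the HMAC so a replayed, dropped or reordered record is rejected, and a per-session key is derived from both a client and a server nonce so a recorded session cannot be replayed wholesale. All names (`session_key`, `Sender`, `Receiver`, `rejects`) and the header layout are assumptions for the example.

```python
import hmac
import hashlib
import struct

TAG_LEN = 32          # HMAC-SHA256 output
HDR = struct.Struct(">QI")  # 8-byte sequence number, 4-byte payload length


class RecordError(Exception):
    pass


def session_key(shared_secret: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Per-session key. Because the server contributes a fresh nonce, records
    captured from an earlier session fail the MAC check if an attacker replays
    the whole session: the server picks a different nonce, so the key differs.
    (HMAC used as a simple KDF for illustration.)"""
    return hmac.new(shared_secret, b"session" + client_nonce + server_nonce, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def seal(self, payload: bytes) -> bytes:
        # The sequence number is inside the MAC'd data, so it cannot be altered.
        hdr = HDR.pack(self.seq, len(payload))
        self.seq += 1
        tag = hmac.new(self.key, hdr + payload, hashlib.sha256).digest()
        return hdr + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.expected = key, 0

    def open(self, record: bytes) -> bytes:
        if len(record) < HDR.size + TAG_LEN:
            raise RecordError("short record")
        seq, n = HDR.unpack(record[:HDR.size])
        body, tag = record[:HDR.size + n], record[HDR.size + n:]
        if len(body) != HDR.size + n or len(tag) != TAG_LEN:
            raise RecordError("length mismatch")       # garbage or truncation
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            raise RecordError("bad MAC")               # forged, modified, or wrong session
        if seq != self.expected:
            raise RecordError(f"expected seq {self.expected}, got {seq}")  # replay/reorder/drop
        self.expected += 1
        return body[HDR.size:]


def rejects(receiver: Receiver, record: bytes) -> bool:
    """True if the receiver refuses the record; used to show each attack failing."""
    try:
        receiver.open(record)
        return False
    except RecordError:
        return True
```

Unaffected by the above is the TCP FIN truncation point: a receiver also needs an authenticated end-of-stream record, otherwise a stream that ends early after the last valid record is indistinguishable from a complete one.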
