Hello all, I'm working on a presentation about cryptography to give to the Open Web Application Security Project (OWASP). The reason why I'm giving it is that I've seen web developers doing crypto a lot lately, and they seem to be making some naive mistakes, like using ECB mode for multi-block structures, using encryption when they should be using MACs, and that kind of stuff.
I had originally intended to make the entire presentation on web security failures, but found it time-consuming to locate information about web-specific vulnerabilities... they just aren't documented well because they're usually in the application layer for a single company, and so generally not shared widely. So, I've thrown in some non-web examples of application developers trying to invent their own crypto and getting it wrong (LANMAN hashes, for example).

Anyway, I'd like some cryptographers to review my presentation to make sure that I am giving solid advice.

http://www.subspacefield.org/security/web_20_crypto.pdf

In addition, I'm curious about:

Which hashes are currently vulnerable to length-extension attacks? If I recall Bruce Schneier's book "Practical Cryptography" correctly, he stated that even SHA-1 was vulnerable. Do any hashes in the SHA-2 family have protection against length extension?

Is it sufficient to have a one-way finalization function in your Merkle-Damgård hash construction to prevent length extension attacks?

--
Obama Nation | It's not like I'm encrypting... it's more like I've developed a massive entropy deficiency | http://www.subsubpacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get blacklisted.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
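The following is an added illustration of the structural property the length-extension questions above are about; it is not part of the original post or of the linked slides. In a plain Merkle-Damgård hash the digest is the final chaining state, so anyone holding H(m) and len(m) can keep iterating the compression function and obtain the correct hash of m, its padding, and a chosen suffix, without knowing m. That is why SHA-1, SHA-256 and SHA-512 (which output their whole state) have the property, while the truncated SHA-2 variants SHA-384 and SHA-512/256, the SHA-3 sponge, and HMAC over any of them do not. The toy 64-bit compression function, the 8-byte block size, the 4-byte length field and the use of SHA-256 as a stand-in "one-way finalization" are all constructed for the demonstration and carry no security claim; the HMAC calls use Python's standard `hmac` and `hashlib` modules.

```python
import hashlib
import hmac
import struct

# Toy Merkle-Damgård hash (constructed for illustration; no security claims).
BLOCK = 8                    # bytes per block; real designs use 64 or 128
MASK = (1 << 64) - 1         # 64-bit chaining state
IV = 0x0123456789ABCDEF      # arbitrary constant initial state


def compress(state: int, block: bytes) -> int:
    """Toy compression function: mix one 8-byte block into the 64-bit state."""
    s = (state ^ int.from_bytes(block, "big")) & MASK
    for _ in range(4):
        s = (s * 0x9E3779B97F4A7C15 + 0xBF58476D1CE4E5B9) & MASK
        s ^= s >> 29
    return s


def md_pad(length: int) -> bytes:
    """MD-strengthening padding: 0x80, zero fill, then the bit length (4 bytes)."""
    pad = b"\x80"
    while (length + len(pad) + 4) % BLOCK:
        pad += b"\x00"
    return pad + struct.pack(">I", length * 8)


def md_core(state: int, data: bytes) -> int:
    """Iterate the compression function over whole blocks from a given state."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def md_hash(msg: bytes) -> int:
    """Plain Merkle-Damgård: the digest IS the final chaining state."""
    return md_core(IV, msg + md_pad(len(msg)))


def md_hash_finalized(msg: bytes) -> bytes:
    """Same iteration, followed by a one-way output transform (SHA-256 here,
    standing in for a dedicated finalization) so the state is never exposed."""
    state = md_core(IV, msg + md_pad(len(msg)))
    return hashlib.sha256(state.to_bytes(8, "big")).digest()[:8]


def continue_from_digest(digest: int, orig_len: int, suffix: bytes) -> tuple:
    """What the plain construction leaks: given only H(m) and len(m), compute
    H(m || glue || suffix), where glue is m's original padding. Returns (glue, digest)."""
    glue = md_pad(orig_len)
    total = orig_len + len(glue) + len(suffix)
    return glue, md_core(digest, suffix + md_pad(total))


def plain_is_extendable(msg: bytes, suffix: bytes) -> bool:
    """True if continuing from the digest reproduces the real hash of the longer message."""
    glue, continued = continue_from_digest(md_hash(msg), len(msg), suffix)
    return continued == md_hash(msg + glue + suffix)


def finalized_resists(msg: bytes, suffix: bytes) -> bool:
    """With the one-way output transform, treating the digest as a chaining state
    and continuing does not reproduce the real digest of the extended message."""
    glue = md_pad(len(msg))
    total = len(msg) + len(glue) + len(suffix)
    guessed_state = int.from_bytes(md_hash_finalized(msg), "big")
    continued = md_core(guessed_state, suffix + md_pad(total))
    forged = hashlib.sha256(continued.to_bytes(8, "big")).digest()[:8]
    return forged != md_hash_finalized(msg + glue + suffix)


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """The standard keyed-hash construction: HMAC, safe even over SHA-256."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison of a received tag against the recomputed one."""
    return hmac.compare_digest(hmac_tag(key, msg), tag)


if __name__ == "__main__":
    m, s = b"hello world", b", extended"          # constructed sample input
    print("plain MD extendable:  ", plain_is_extendable(m, s))    # True
    print("finalized MD resists: ", finalized_resists(m, s))      # True
    k = b"constructed-demo-key"
    print("HMAC verifies:        ", hmac_verify(k, m, hmac_tag(k, m)))  # True
```

The `plain_is_extendable` check is exactly the concern behind "use a MAC, not a hash": a tag computed as H(key || msg) with a plain Merkle-Damgård hash can be continued by anyone who sees it, so HMAC (or a hash whose output hides its state) is the construction to recommend.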