On 04/13/2012 02:38 PM, James A. Donald wrote:
To construct a case where length extension matters, one must contrive a rather dreadful protocol.
http://vnhacker.blogspot.com/2009/09/flickrs-api-signature-forgery.html
Date Published: Sep. 28, 2009 Advisory ID: MOCB-01 Advisory URL: http://netifera.com/research/flickr_api_signature_forgery.pdf Title: Flickr's API Signature Forgery Vulnerability Remotely Exploitable: Yes [...] This advisory describes a vulnerability in the signing process that allows an attacker to generate valid signatures without knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any application using Flickr's API. When combined with other vulnerabilities and attacks, an attacker can gain access to accounts of users who have authorized any third party application. Additionally, if an application uses PHPFlickr >= 1.3.1, an attacker can trick users of that application to visit arbitrary web sites. This may apply for other Flickr's API libraries and applications as well. Flickr requires that all API calls using an authentication token must be signed. In addition, calls to the flickr.auth.* methods and the URLs that bring users to the application authorization page must also be signed. [...] The process of signing is as follows. * Sort your argument list into alphabetical order based on the parameter name. * e.g. foo=1, bar=2, baz=3 sorts to bar=2, baz=3, foo=1 * concatenate the shared secret and argument name-value pairs * e.g. SECRETbar2baz3foo1 * calculate the md5() hash of this string * append this value to the argument list with the name api_sig, in hexadecimal string form, e.g. api_sig=1f3870be274f6c49b3e31a0c6728957f
[Hilarity ensues] - Marsh _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
