Re: mac_check in eagle book
On 16 Apr 2001, Chip Turner wrote: The modperl book mentions it double hashes to prevent a malicious user from concatenating data onto the values being checked. I don't know if they are referring to this weakness, but I suspect they are. Sadly, the book doesn't seem to offer a reference for the claim as to the specific md5 vulnderability. (Hey Doug, wanna shed some light on that somewhat cryptic passage? :) I'm sure I recall seeing a book on cryptography mentioned in the footnotes somewhere... The crypto section in Mastering Algoritms with Perl is a pretty good overview. - Perrin
Re: mac_check in eagle book
Hi Eric - I was wondering if someone could explain to me why in the eagle book it is necessary to perform an md5 twice before sending a mac_check to a user of a number of fields. I read in the mod_perl book that this is done 'to prevent technically savy users from appending data to the @fields'. my $mac_check = md5_hex($secret, md5_hex(join '', $secret, @fields)); disclaimer I am not a crypto expert /disclaimer There is a good explanation starting on page 5 of this: ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto1n1.pdf Basically because the algorithm is iterative and pads the length of input data to multiples of 512 bits, you can start with a MAC that came from MD5(secret + data), and use it to create a new MAC that corresponds to MD5(secret + data + pad + appended_data), without ever knowing what the original secret was. As an alternative to MD5(secret + data), the authors recommendations include: MD5(secret + MD5(secret + data) ) or possibly better: MD5(secret1 + MD5(secret2 + data) ) Hope this helps! Larry Leszczynski [EMAIL PROTECTED]
Re: mac_check in eagle book
[EMAIL PROTECTED] (Eric Kolve) wrote: I was wondering if someone could explain to me why in the eagle book it is necessary to perform an md5 twice before sending a mac_check to a user of a number of fields. I read in the mod_perl book that this is done 'to prevent technically savy users from appending data to the @fields'. my $mac_check = md5_hex($secret, md5_hex(join '', $secret, @fields)); What I am wondering is, what situation would a user be able to append data to the fields? I believe if you change only one bit of the data, the mac will change, so I am a little confused. This looks suspicious to me too. Any hashing algorithm worth its salt shouldn't have to be done twice. And doing it twice may in fact expose weaknesses in the algorithm (though I have no evidence to support this). I'd suggest just this: my $mac_check = md5_hex join '', $secret, @fields; ------ Ken Williams Last Bastion of Euclidity [EMAIL PROTECTED]The Math Forum
Re: mac_check in eagle book
On 2001-04-15 23:52:38, [EMAIL PROTECTED] wrote: I was wondering if someone could explain to me why in the eagle book it is necessary to perform an md5 twice before sending a mac_check to a user [...] Any hashing algorithm worth its salt shouldn't have to be done twice. And doing it twice may in fact expose weaknesses in the algorithm (though I have no evidence to support this). Doesn't the Eagle book mention somewhere that this is done because of a known weakness in the MD5 algorithm? - ams
Re: mac_check in eagle book
Abhijit Menon-Sen [EMAIL PROTECTED] writes: On 2001-04-15 23:52:38, [EMAIL PROTECTED] wrote: I was wondering if someone could explain to me why in the eagle book it is necessary to perform an md5 twice before sending a mac_check to a user [...] Any hashing algorithm worth its salt shouldn't have to be done twice. And doing it twice may in fact expose weaknesses in the algorithm (though I have no evidence to support this). Doesn't the Eagle book mention somewhere that this is done because of a known weakness in the MD5 algorithm? There is a theoretical weakness in md5 if the attacker can create both sets of data that are hashed. Under some strict circumstances, he could get two different files with the same hash value. However, the real world risk of this is supposedly quite low and the attack is computationally difficult to perform. The double hashing reduces the risk further. The modperl book mentions it double hashes to prevent a malicious user from concatenating data onto the values being checked. I don't know if they are referring to this weakness, but I suspect they are. Sadly, the book doesn't seem to offer a reference for the claim as to the specific md5 vulnderability. (Hey Doug, wanna shed some light on that somewhat cryptic passage? :) It's been a while, but I believe SHA1 has yet to have a weakness found. md5 is probably secure enough for websites though. Chip -- Chip Turner [EMAIL PROTECTED] RHN Web Engineer
