XML signature HMAC truncation authentication bypass
"XML Signature Syntax and Processing (XMLDsig) is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services for data. XMLDsig is commonly used by web services such as SOAP. The XMLDsig recommendation includes support for HMAC truncation, as specified in RFC2104. However, the XMLDsig specification does not follow the RFC2104 recommendation to not allow truncation to less than half of the length of the hash output or less than 80 bits. When HMAC truncation is under the control of an attacker this can result in an effective authentication bypass. For example, by specifying an HMACOutputLength of 1, only one bit of the signature is verified. This can allow an attacker to forge an XML signature that will be accepted as valid." - http://www.kb.cert.org/vuls/id/466161 More information at: HMAC truncation in XML Signature: When Alice didn't look. - http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html -- Leandro Federico Meiners - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Traffic Analysis References
Dear list,

Can anybody point me to any good references regarding traffic analysis?

regards,
Leandro.

--
Leandro Federico Meiners
GnuPG key fingerprint: 7B98 C0F5 42A3 2BEE 44AF 9D19 936F 5957 27DF AE74
GnuPG-Key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=lmeiners%40gmail.com&fingerprint=on&exact=on
Any opinions on Kryptor...?
Dear list,

Has anybody heard about Kryptor? Any opinions?
(Link: http://www.rosiello.org/modules/smartsection/visit.php?fileid=1)

Regards,
Leandro Meiners.-

--
Leandro Federico Meiners
Re: Locating private keys in RAM?
Maybe you mean http://www.trapkit.de/research/sslkeyfinder/keyfinder_v1.0_20060205.pdf

Regards,
Leandro

On 9/4/06, Douglas F. Calvert <[EMAIL PROTECTED]> wrote:
> Hello,
> I remember seeing a paper about identifying private keys in RAM. I thought it was by Rivest but I can not locate it for the life of me. Does anyone remember reading something like this? The basic operation was to identify areas in RAM that had certain characteristics such as random bits and identifiable key headers...
>
> Any help would be greatly appreciated...
>
> --
> --dfc
> [EMAIL PROTECTED]

--
Leandro Federico Meiners