Posted to modperl@perl.apache.org by Eric Kolve <er...@corp.classmates.com> on 2001/04/15 18:51:00 UTC

mac_check in eagle book

I was wondering if someone could explain to me why in the eagle book it
is necessary to perform 
an md5 twice before sending a mac_check to a user of a number of
fields.  I read in the mod_perl book that this is done 'to prevent
technically savvy users from appending data to the @fields'. 

my $mac_check = md5_hex($secret,
                    md5_hex(join '', $secret, @fields));  


What I am wondering is, what situation would a user be able to append
data to the fields? I believe if you change only one bit of the data,
the mac will change, so I am a little confused.

thanks,

--eric

Re: mac_check in eagle book

Posted by Perrin Harkins <pe...@elem.com>.
> On 16 Apr 2001, Chip Turner wrote:
>
> > The modperl book mentions it double hashes to prevent a
> > malicious user from concatenating data onto the values being checked.
> > I don't know if they are referring to this weakness, but I suspect
> > they are.  Sadly, the book doesn't seem to offer a reference for the
> > claim as to the specific md5 vulnerability.  (Hey Doug, wanna shed
> > some light on that somewhat cryptic passage? :)
>
> I'm sure I recall seeing a book on cryptography mentioned in the footnotes
> somewhere...

The crypto section in Mastering Algorithms with Perl is a pretty good
overview.
- Perrin




Re: mac_check in eagle book

Posted by Matt Sergeant <ma...@sergeant.org>.
On 16 Apr 2001, Chip Turner wrote:

> The modperl book mentions it double hashes to prevent a
> malicious user from concatenating data onto the values being checked.
> I don't know if they are referring to this weakness, but I suspect
> they are.  Sadly, the book doesn't seem to offer a reference for the
> claim as to the specific md5 vulnerability.  (Hey Doug, wanna shed
> some light on that somewhat cryptic passage? :)

I'm sure I recall seeing a book on cryptography mentioned in the footnotes
somewhere...

-- 
<Matt/>

    /||    ** Founder and CTO  **  **   http://axkit.com/     **
   //||    **  AxKit.com Ltd   **  ** XML Application Serving **
  // ||    ** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** mod_perl news and resources: http://take23.org  **
     \\//
     //\\
    //  \\


Re: mac_check in eagle book

Posted by Chip Turner <ct...@redhat.com>.
Abhijit Menon-Sen <am...@wiw.org> writes:

> On 2001-04-15 23:52:38, ken@forum.swarthmore.edu wrote:
> >
> > > I was wondering if someone could explain to me why in the eagle book
> > > it is necessary to perform an md5 twice before sending a mac_check
> > > to a user [...]
> >
> > Any hashing algorithm worth its salt shouldn't have to be done twice.
> > And doing it twice may in fact expose weaknesses in the algorithm
> > (though I have no evidence to support this).
> 
> Doesn't the Eagle book mention somewhere that this is done because of a
> known weakness in the MD5 algorithm?

There is a theoretical weakness in md5 if the attacker can create both
sets of data that are hashed.  Under some strict circumstances, he
could get two different files with the same hash value.  However, the
real world risk of this is supposedly quite low and the attack is
computationally difficult to perform.  The double hashing reduces the
risk further.  The modperl book mentions it double hashes to prevent a
malicious user from concatenating data onto the values being checked.
I don't know if they are referring to this weakness, but I suspect
they are.  Sadly, the book doesn't seem to offer a reference for the
claim as to the specific md5 vulnerability.  (Hey Doug, wanna shed
some light on that somewhat cryptic passage? :)

It's been a while, but I believe SHA1 has yet to have a weakness
found.  md5 is probably secure enough for websites though.

Chip

-- 
Chip Turner                   cturner@redhat.com
                              RHN Web Engineer

Re: mac_check in eagle book

Posted by Abhijit Menon-Sen <am...@wiw.org>.
On 2001-04-15 23:52:38, ken@forum.swarthmore.edu wrote:
>
> > I was wondering if someone could explain to me why in the eagle book
> > it is necessary to perform an md5 twice before sending a mac_check
> > to a user [...]
>
> Any hashing algorithm worth its salt shouldn't have to be done twice.
> And doing it twice may in fact expose weaknesses in the algorithm
> (though I have no evidence to support this).

Doesn't the Eagle book mention somewhere that this is done because of a
known weakness in the MD5 algorithm?

- ams

Re: mac_check in eagle book

Posted by Ken Williams <ke...@forum.swarthmore.edu>.
eric@corp.classmates.com (Eric Kolve) wrote:
>I was wondering if someone could explain to me why in the eagle book it
>is necessary to perform 
>an md5 twice before sending a mac_check to a user of a number of
>fields.  I read in the mod_perl book that this is done 'to prevent
>technically savvy users from appending data to the @fields'. 
>
>my $mac_check = md5_hex($secret,
>                    md5_hex(join '', $secret, @fields));  
>
>
>What I am wondering is, what situation would a user be able to append
>data to the fields? I believe if you change only one bit of the data,
>the mac will change, so I am a little confused.

This looks suspicious to me too.  Any hashing algorithm worth its salt
shouldn't have to be done twice.  And doing it twice may in fact expose
weaknesses in the algorithm (though I have no evidence to support this).

I'd suggest just this:

   my $mac_check = md5_hex join '', $secret, @fields;


  -------------------                            -------------------
  Ken Williams                             Last Bastion of Euclidity
  ken@forum.swarthmore.edu                            The Math Forum

Re: mac_check in eagle book

Posted by Larry Leszczynski <la...@furph.com>.
Hi Eric -

> I was wondering if someone could explain to me why in the eagle book it
> is necessary to perform 
> an md5 twice before sending a mac_check to a user of a number of
> fields.  I read in the mod_perl book that this is done 'to prevent
> technically savvy users from appending data to the @fields'. 
> 
> my $mac_check = md5_hex($secret,
>                     md5_hex(join '', $secret, @fields));  

<disclaimer> I am not a crypto expert </disclaimer>

There is a good explanation starting on page 5 of this:
   ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto1n1.pdf

Basically, because the algorithm is iterative and pads the length of input
data to multiples of 512 bits, you can start with a MAC that came from
MD5(secret + data), and use it to create a new MAC that corresponds to
MD5(secret + data + pad + appended_data), without ever knowing what the
original secret was.

As an alternative to MD5(secret + data), the authors' recommendations
include:
   MD5(secret + MD5(secret + data) )
or possibly better:
   MD5(secret1 + MD5(secret2 + data) )


Hope this helps!
Larry Leszczynski
larryl@furph.com