You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Eric Kolve <er...@corp.classmates.com> on 2001/04/15 18:51:00 UTC
mac_check in eagle book
I was wondering if someone could explain to me why in the eagle book it
is necessary to perform
an md5 twice before sending a mac_check to a user of a number of
fields. I read in the mod_perl book that this is done 'to prevent
technically savy users from appending data to the @fields'.
my $mac_check = md5_hex($secret,
md5_hex(join '', $secret, @fields));
What I am wondering is, what situation would a user be able to append
data to the fields? I believe if you change only one bit of the data,
the mac will change, so I am a little confused.
thanks,
--eric
Re: mac_check in eagle book
Posted by Perrin Harkins <pe...@elem.com>.
> On 16 Apr 2001, Chip Turner wrote:
>
> > The modperl book mentions it double hashes to prevent a
> > malicious user from concatenating data onto the values being checked.
> > I don't know if they are referring to this weakness, but I suspect
> > they are. Sadly, the book doesn't seem to offer a reference for the
> > claim as to the specific md5 vulnderability. (Hey Doug, wanna shed
> > some light on that somewhat cryptic passage? :)
>
> I'm sure I recall seeing a book on cryptography mentioned in the footnotes
> somewhere...
The crypto section in Mastering Algoritms with Perl is a pretty good
overview.
- Perrin
Re: mac_check in eagle book
Posted by Matt Sergeant <ma...@sergeant.org>.
On 16 Apr 2001, Chip Turner wrote:
> The modperl book mentions it double hashes to prevent a
> malicious user from concatenating data onto the values being checked.
> I don't know if they are referring to this weakness, but I suspect
> they are. Sadly, the book doesn't seem to offer a reference for the
> claim as to the specific md5 vulnderability. (Hey Doug, wanna shed
> some light on that somewhat cryptic passage? :)
I'm sure I recall seeing a book on cryptography mentioned in the footnotes
somewhere...
--
<Matt/>
/|| ** Founder and CTO ** ** http://axkit.com/ **
//|| ** AxKit.com Ltd ** ** XML Application Serving **
// || ** http://axkit.org ** ** XSLT, XPathScript, XSP **
// \\| // ** mod_perl news and resources: http://take23.org **
\\//
//\\
// \\
Re: mac_check in eagle book
Posted by Chip Turner <ct...@redhat.com>.
Abhijit Menon-Sen <am...@wiw.org> writes:
> On 2001-04-15 23:52:38, ken@forum.swarthmore.edu wrote:
> >
> > > I was wondering if someone could explain to me why in the eagle book
> > > it is necessary to perform an md5 twice before sending a mac_check
> > > to a user [...]
> >
> > Any hashing algorithm worth its salt shouldn't have to be done twice.
> > And doing it twice may in fact expose weaknesses in the algorithm
> > (though I have no evidence to support this).
>
> Doesn't the Eagle book mention somewhere that this is done because of a
> known weakness in the MD5 algorithm?
There is a theoretical weakness in md5 if the attacker can create both
sets of data that are hashed. Under some strict circumstances, he
could get two different files with the same hash value. However, the
real world risk of this is supposedly quite low and the attack is
computationally difficult to perform. The double hashing reduces the
risk further. The modperl book mentions it double hashes to prevent a
malicious user from concatenating data onto the values being checked.
I don't know if they are referring to this weakness, but I suspect
they are. Sadly, the book doesn't seem to offer a reference for the
claim as to the specific md5 vulnderability. (Hey Doug, wanna shed
some light on that somewhat cryptic passage? :)
It's been a while, but I believe SHA1 has yet to have a weakness
found. md5 is probably secure enough for websites though.
Chip
--
Chip Turner cturner@redhat.com
RHN Web Engineer
Re: mac_check in eagle book
Posted by Abhijit Menon-Sen <am...@wiw.org>.
On 2001-04-15 23:52:38, ken@forum.swarthmore.edu wrote:
>
> > I was wondering if someone could explain to me why in the eagle book
> > it is necessary to perform an md5 twice before sending a mac_check
> > to a user [...]
>
> Any hashing algorithm worth its salt shouldn't have to be done twice.
> And doing it twice may in fact expose weaknesses in the algorithm
> (though I have no evidence to support this).
Doesn't the Eagle book mention somewhere that this is done because of a
known weakness in the MD5 algorithm?
- ams
Re: mac_check in eagle book
Posted by Ken Williams <ke...@forum.swarthmore.edu>.
eric@corp.classmates.com (Eric Kolve) wrote:
>I was wondering if someone could explain to me why in the eagle book it
>is necessary to perform
>an md5 twice before sending a mac_check to a user of a number of
>fields. I read in the mod_perl book that this is done 'to prevent
>technically savy users from appending data to the @fields'.
>
>my $mac_check = md5_hex($secret,
> md5_hex(join '', $secret, @fields));
>
>
>What I am wondering is, what situation would a user be able to append
>data to the fields? I believe if you change only one bit of the data,
>the mac will change, so I am a little confused.
This looks suspicious to me too. Any hashing algorithm worth its salt
shouldn't have to be done twice. And doing it twice may in fact expose
weaknesses in the algorithm (though I have no evidence to support this).
I'd suggest just this:
my $mac_check = md5_hex join '', $secret, @fields;
------------------- -------------------
Ken Williams Last Bastion of Euclidity
ken@forum.swarthmore.edu The Math Forum
Re: mac_check in eagle book
Posted by Larry Leszczynski <la...@furph.com>.
Hi Eric -
> I was wondering if someone could explain to me why in the eagle book it
> is necessary to perform
> an md5 twice before sending a mac_check to a user of a number of
> fields. I read in the mod_perl book that this is done 'to prevent
> technically savy users from appending data to the @fields'.
>
> my $mac_check = md5_hex($secret,
> md5_hex(join '', $secret, @fields));
<disclaimer> I am not a crypto expert </disclaimer>
There is a good explanation starting on page 5 of this:
ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto1n1.pdf
Basically because the algorithm is iterative and pads the length of input
data to multiples of 512 bits, you can start with a MAC that came from
MD5(secret + data), and use it to create a new MAC that corresponds to
MD5(secret + data + pad + appended_data), without ever knowing what the
original secret was.
As an alternative to MD5(secret + data), the authors recommendations
include:
MD5(secret + MD5(secret + data) )
or possibly better:
MD5(secret1 + MD5(secret2 + data) )
Hope this helps!
Larry Leszczynski
larryl@furph.com