Re: [fw-wiz] CERT vulnerability note VU# 539363 (fwd)

From: Mike Frantzen (frantzen@w4g.org)
Date: 10/22/02


From: Mike Frantzen <frantzen@w4g.org>
To: Darren Reed <darrenr@reed.wattle.id.au>
Date: Tue Oct 22 12:14:19 2002


> Mike's "reference" here is the hash table IPFilter uses (maybe others).
> FWIW, it gets distributed with a predefined size and most likely most
> people never change this. That said, nobody has ever come to me and
> said "here's a patch to fix it" or "my firewall is running like a dog
> because of this attack". Be that as it may, code has been in place for
> some time to address this issue, in future, using a secret.

Most firewalls I've seen used a hash table that could be attacked.
Linux's Netfilter (2.4 and 2.5) too. It chooses its size based on the
memory size in the machine though.
Hell. I wrote one a few summers back over the course of a few weekends
which had a very easily attacked state table too.

I'm looking forward to how you encorporate a secret into the hash.
There isn't enough good cryptographer blood in me to trust myself to
write a safe hash function.

.mike



Relevant Pages

  • Re: Hashing of short fixed length messages
    ... You actually have 55 bytes of useful payload before MD5 requires a 2nd ... to present a traditional hash interface since the ... The input itself is a hash too, so I can ignore related key attack, ... to a speed-up factor of two, but I don't think it's secure. ...
    (sci.crypt)
  • Re: Algorimic Complexity Attacks
    ... For instance, in a hash table, the performance is ... while using a keyed hash function offers the best ... It requires that a cryptographically random secret is used ... Now the promised attack on using a keyed hash function with the above ...
    (Bugtraq)
  • Short string of data as input of SHA 256
    ... concatened with 24 non secret bits of data, ... I obtain a 256 bits string. ... Toward an attack trying to find the input from the output is brut ... although hash algorithms are usually ...
    (sci.crypt)
  • Re: How good an encryption algorithm is this?
    ... Actually it's vitally important that the salt is different every time. ... but a one-way hash of the password). ... >>> attack (using my dictionary of plaintext trial passwords and the ... you need to perform this iteration only once. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: How good an encryption algorithm is this?
    ... Actually it's vitally important that the salt is different every time. ... but a one-way hash of the password). ... >>> attack (using my dictionary of plaintext trial passwords and the ... you need to perform this iteration only once. ...
    (microsoft.public.vc.language)