Re: using a MAC with a very short message
From: Andy Fish (ajfish_at_blueyonder.co.uk)
Date: 04/26/04
- Next message: Lord Valve: "Re: Pat Tillman's Used Jock Strap on Ebay"
- Previous message: Lord Valve: "Pat Tillman's Used Jock Strap on Ebay"
- In reply to: Gregory G Rose: "Re: using a MAC with a very short message"
- Next in thread: Tom St Denis: "Re: using a MAC with a very short message"
- Reply: Tom St Denis: "Re: using a MAC with a very short message"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 Apr 2004 07:30:23 GMT
Since you ask, here's the scenario:
a user is on a mailing list and gets sent an email (BTW it's not spam!). at
the bottom is a link saying "to unsubscribe click here" with a URL that goes
http://www.example.com/unsubscribe.php?userid=32&mac=34ff2bd4b22e93c5352e734
in this case, the "message" is simply the number 32. clearly if there isn't
a MAC, it would be very easy for a malicious user to unsubscribe someone
else. by including a MAC, I can be reasonably sure that user 32 can only be
unsubscribed by someone who is reading user 32's email. For a mailing list
this is de facto an acceptable level of security. As you can see, the replay
"attack" is not an issue here since the unsubscribe is idempotent.
Sorry if "MAC" has certain connotations and was the wrong term to use in
this instance. It certainly seems to me that it is a MAC. If anyone can
point out a flaw or suggest a better/simpler mechanism I will happily
consider it.
Andy
"Gregory G Rose" <ggr@qualcomm.com> wrote in message
news:c6gs6p$1k2@qualcomm.com...
> In article <fJPic.34988$Ml.32991@news01.bloor.is.net.cable.rogers.com>,
> Tom St Denis <tom@securescience.net> wrote:
> >Andy Fish wrote:
> >> I'm not after a particularly high level of security and the replay
attack is
> >> not a problem for me, so I guess I'm OK
> >
> >Then why MAC at all? It wastes bandwidth and offers ZERO security.
>
> As usual, the OP didn't tell us what he's actually
> trying to achieve, only what mechanism he wants to
> use to achieve it. So it's impossible to tell
> whether he gets security out of it or not, since
> "secure" is relative to his (secret) threat model.
>
> I can imagine one case where this would be secure,
> even without the timestamp, and that's a kind of
> online "bingo" game. The number is only relevant
> the first time it is sent, and replay attacks
> don't do anything.
>
> Generally, though, I agree with you... the first
> question you need to ask after designing in a MAC
> is "Do replays matter, and (almost all the time)
> how do I prevent them?"
>
> Greg.
> --
> Greg Rose
> 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
> Qualcomm Australia: http://www.qualcomm.com.au
- Next message: Lord Valve: "Re: Pat Tillman's Used Jock Strap on Ebay"
- Previous message: Lord Valve: "Pat Tillman's Used Jock Strap on Ebay"
- In reply to: Gregory G Rose: "Re: using a MAC with a very short message"
- Next in thread: Tom St Denis: "Re: using a MAC with a very short message"
- Reply: Tom St Denis: "Re: using a MAC with a very short message"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
