Top Flaws in Distributed Authentication Systems and how they are Attacked

  Page: 53
See entire paper: http://electronics.wesrch.com/pdfEL11TZ3XNMONP
Page URL: http://electronics.wesrch.com/53-pdfEL11TZ3XNMONP
Page content:

8. Crypto Foibles

- HMAC array comparison timing flaw
- Short-circuit return on mismatch allows byte-at-a-time brute force
- Seems minute, but actually workable with statistical sampling
- Surprisingly hard to write a constant-time comparison in Java or .NET! (Try it.)
- Solution: HMAC your received and calculated values a second time before comparing
- Prevents ciphertext malleability with the cryptographic properties of the algorithm, instead of trying to prevent measurement
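The fix in the last two bullets, sketched in Python as an added example (not code from the slides); the key, message and helper names are constructed for illustration. It deliberately keeps the short-circuit comparison to show that, after the second HMAC pass, the position of the first mismatch no longer reflects how many bytes of the submitted tag were right.

```python
import hashlib
import hmac
import secrets

def leaky_equals(a: bytes, b: bytes) -> bool:
    """Flawed pattern from the slide: returns at the first mismatching byte."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False  # early exit: run time tracks the matching prefix
    return True

def matching_prefix_len(a: bytes, b: bytes) -> int:
    """Leading bytes that agree, i.e. the quantity an early exit leaks."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def blind(tag: bytes, blind_key: bytes) -> bytes:
    """Second HMAC pass over a tag under a throwaway key."""
    return hmac.new(blind_key, tag, hashlib.sha256).digest()

def verify_double_hmac(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Verify a tag by comparing HMACs of the two tags, not the tags themselves."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    blind_key = secrets.token_bytes(32)  # fresh for every comparison
    # Even with the leaky comparator, the mismatch position now depends on
    # blind_key, which the sender never sees, not on how much of the tag is right.
    return leaky_equals(blind(expected, blind_key), blind(received_tag, blind_key))

# Constructed sample data, not from the slides.
KEY = b"constructed-demo-key"
MESSAGE = b"user=alice;role=user"
GOOD_TAG = hmac.new(KEY, MESSAGE, hashlib.sha256).digest()
# A wrong tag whose first 8 bytes happen to be correct.
PARTIAL_TAG = GOOD_TAG[:8] + bytes(b ^ 0xFF for b in GOOD_TAG[8:])

if __name__ == "__main__":
    k = secrets.token_bytes(32)
    print("raw prefix match:", matching_prefix_len(GOOD_TAG, PARTIAL_TAG))
    print("blinded prefix match:",
          matching_prefix_len(blind(GOOD_TAG, k), blind(PARTIAL_TAG, k)))
    print("good tag accepted:", verify_double_hmac(KEY, MESSAGE, GOOD_TAG))
    print("partial tag accepted:", verify_double_hmac(KEY, MESSAGE, PARTIAL_TAG))
```

In Python specifically, `hmac.compare_digest` provides a constant-time comparison and can replace `leaky_equals` in `verify_double_hmac`.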