Misuse of Cryptography


Description of the Problem

When designing an authentication scheme it is important to understand the properties of cryptographic tools. These include hash functions such as SHA-1, authentication codes like HMAC, and higher level protocols like SSL.

For example, SSL alone does not provide user authentication. It can authenticate users with X.509 certificates, but this feature is rarely used due to PKI deployment problems. Instead, SSL is used to provide confidentiality of authentication tokens and data. Misunderstanding the properties of SSL made Fat Brain vulnerable to selective forgeries by the interrogative adversary. Their authenticator consisted of a username and a session identifier based on a global sequence number. An interrogative adversary could guess the session identifier for a chosen victim and make an SSL request with this identifier. Here, the use of SSL did not make the system secure.

The Wall Street Journal used an algorithm called fastlogin which is weaker than schemes which send cleartext passwords across the internet. WSJ.com requires a paid account to read articles, purchase archived articles, etc. A user can log into a personalized WSJ.com site if the user's Web browser has a valid "fastlogin" cookie. Because of several mistakes in the use of cryptography, we were able to write a program which, given a username, creates a working fastlogin cookie. This program is attached to the bottom of this document.

fastlogin=username + crypt(username + server secret)

Because crypt only hashes up to the first 8 characters of its input, an interrogative adversary can discover the algorithm and can then forge a cookie authenticator for any user, totally breaking the system. Even if the adversary could not figure out the algorithm, they could still create fastlogin cookie authenticators for any user with a username of more than eight characters. This yet again shows that security through obscurity DOES NOT WORK.
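The design check below is an added example, not the program this page refers to and not WSJ.com's code. It models crypt's 8-character input limit with a hypothetical stand-in (`truncating_crypt`, built on SHA-256) and tests whether a token actually depends on the server secret, next to an HMAC-based form that does; all function names and secrets are constructed for illustration.

```python
import hashlib
import hmac

CRYPT_INPUT_LIMIT = 8  # the page: crypt only hashes up to the first 8 characters


def truncating_crypt(data: str) -> str:
    """Hypothetical stand-in for crypt: input past 8 characters is ignored."""
    return hashlib.sha256(data[:CRYPT_INPUT_LIMIT].encode()).hexdigest()[:13]


def weak_fastlogin(username: str, secret: str) -> str:
    """The page's construction: username + crypt(username + server secret)."""
    return username + truncating_crypt(username + secret)


def hmac_token(username: str, secret: bytes) -> str:
    """Hardened form: a keyed MAC computed over the whole username."""
    tag = hmac.new(secret, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}:{tag}"


def verify_hmac_token(token: str, secret: bytes) -> bool:
    """Recompute the token for the claimed user and compare in constant time."""
    username, _, _ = token.rpartition(":")
    expected = hmac_token(username, secret)
    return hmac.compare_digest(token.encode(), expected.encode())


def depends_on_secret(make_token, username, secret_a, secret_b) -> bool:
    """Design check: two different server secrets must yield different tokens."""
    return make_token(username, secret_a) != make_token(username, secret_b)


if __name__ == "__main__":
    # Constructed sample values, not real accounts or keys.
    print(depends_on_secret(weak_fastlogin, "longusername", "alpha-key", "omega-key"))
    print(depends_on_secret(weak_fastlogin, "bob", "marchA", "marchB"))
    print(depends_on_secret(hmac_token, "longusername", b"alpha-key", b"omega-key"))
```

For a short username the weak form covers only the first few characters of the secret, which is why two secrets sharing a prefix produce the same token in the second check.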

List of Sites who have suffered this problem

