lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <75C025AE395F374B81F6416B1D4BDEFB0146C3E2@mtv-corpmail.microfocus.com>
Date: Thu, 11 Dec 2003 10:21:32 -0800
From: Michael Wojcik <Michael.Wojcik@...rofocus.com>
To: bugtraq@...urityfocus.com
Cc: Michal Zalewski <lcamtuf@...ttot.org>, Valdis.Kletnieks@...edu,
	Nick Cleaton <nick@...aton.net>
Subject: RE: A new TCP/IP blind data injection technique?


> From: Valdis.Kletnieks@...edu [mailto:Valdis.Kletnieks@...edu] 
> Sent: Thursday, December 11, 2003 12:06 PM
> 
> On Thu, 11 Dec 2003 07:37:02 GMT, Nick Cleaton said:
> 
> > Even if the attacker knows or controls every other byte in 
> > the packet and thus controls the checksum before the final 16
> > bits go in, the final checksum is as unpredictable as those 16
> > bits.

> However, it's a trivial matter to take the original text, the 
> replacement text, and compute an original such that the checksum
> comes out "the same".

True, but irrelevant to the problem at hand, where the attacker has neither
the original checksum nor the original text.  Michal's question was whether
an attacker who controls

	- the checksum
	- part, but not all, of the text

can set the checksum so as to have a better than 1/65536 possibility of
having it correct.  Nick's response was no, if the attacker cannot control
as little as 16 bits of the text.  As you pointed out yourself, any partial
checksum value can be mapped to any final checksum value by adding the final
two bytes.

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ