[cap-talk] solve CSRF by making references unforgeable, not unshareable

Bill Frantz frantz at pwpconsult.com
Mon Mar 30 21:52:43 EDT 2009


david.hopwood at industrial-designers.co.uk (David-Sarah Hopwood) on Thursday, March 26, 2009 wrote:

>Encrypted capabilities work by being sparse (if they were only encrypted
>but not sparse, then it would be possible to forge a random but valid
>capability).

If the representation of a capability includes a dense index to the
referenced object, and a MAC for the index, then the server can use
indexing rather than lookup to locate the object. (Lookup would probably
use a data structure such as a hash table or RBtree.)

Of course, checking the MAC would be more expensive than the lookup for a
small number of objects. For large numbers of objects, the MAC would win.
Calculating the number of objects where the two techniques are equally
costly is left as an exercise for the reader. :-)

In practice, the representation would also contain an "allocation count" to
permit reuse of indexes.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier
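The representation the post sketches, as an added illustration (this is not code from the post or from any cap-talk project): a capability is a dense table index, an allocation count, and a MAC over the two, so the server validates the MAC and indexes straight into an array instead of doing a hash-table or tree lookup. The layout (4-byte index, 4-byte allocation count, HMAC-SHA256 truncated to 16 bytes), the server-side key and the slot reuse policy are all assumptions chosen for the example; the object names are constructed.

```python
import hashlib
import hmac
import os
import struct
from typing import Any, Optional

# Added example, not the poster's code. Assumed wire format:
#   index (4 bytes, big-endian) || allocation count (4 bytes) || tag (16 bytes)
# where tag = HMAC-SHA256(server_key, index || allocation count), truncated.
TAG_LEN = 16
HEADER = struct.Struct(">II")


class CapTable:
    """Dense object table whose references are unforgeable because every
    (index, allocation count) pair is bound to a server-held MAC key."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._slots: list = []      # index -> (allocation count, object or None)
        self._free: list = []       # indexes whose object was revoked, reusable

    def _tag(self, index: int, alloc: int) -> bytes:
        return hmac.new(self._key, HEADER.pack(index, alloc),
                        hashlib.sha256).digest()[:TAG_LEN]

    def grant(self, obj: Any) -> bytes:
        """Store obj and return a capability for it. A reused index gets a
        bumped allocation count so capabilities for the old occupant die."""
        if self._free:
            index = self._free.pop()
            alloc = self._slots[index][0] + 1
            self._slots[index] = (alloc, obj)
        else:
            index = len(self._slots)
            alloc = 0
            self._slots.append((alloc, obj))
        return HEADER.pack(index, alloc) + self._tag(index, alloc)

    def revoke(self, index: int) -> None:
        """Drop the object but keep the allocation count so reuse can bump it."""
        alloc, _ = self._slots[index]
        self._slots[index] = (alloc, None)
        self._free.append(index)

    def resolve(self, cap: bytes) -> Optional[Any]:
        """Return the referenced object, or None for a forged, tampered,
        revoked or stale capability. Cost is one MAC plus one array index,
        independent of how many objects the table holds."""
        if len(cap) != HEADER.size + TAG_LEN:
            return None
        index, alloc = HEADER.unpack(cap[:HEADER.size])
        # Constant-time compare so a forger learns nothing from timing.
        if not hmac.compare_digest(cap[HEADER.size:], self._tag(index, alloc)):
            return None
        if index >= len(self._slots):
            return None
        slot_alloc, obj = self._slots[index]
        if slot_alloc != alloc or obj is None:
            return None          # stale count (slot reused) or revoked
        return obj


def demo() -> dict:
    """Exercise the table: valid use, a random guess at a low index,
    a bit-flipped tag, and index reuse after revocation."""
    table = CapTable(os.urandom(32))             # constructed server key
    cap_a = table.grant("document-A")            # constructed object
    guess = HEADER.pack(0, 0) + os.urandom(TAG_LEN)   # dense index, random tag
    flipped = cap_a[:-1] + bytes([cap_a[-1] ^ 0x01])
    results = {
        "valid": table.resolve(cap_a),
        "guessed_tag": table.resolve(guess),
        "flipped_tag": table.resolve(flipped),
    }
    table.revoke(0)
    results["after_revoke"] = table.resolve(cap_a)
    cap_b = table.grant("document-B")            # reuses index 0, count 1
    results["reused_index"] = HEADER.unpack(cap_b[:HEADER.size])
    results["new_object"] = table.resolve(cap_b)
    results["old_cap_on_reused_slot"] = table.resolve(cap_a)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The allocation count is what makes index reuse safe: after `revoke(0)` the slot is handed out again with count 1, so the old capability still carries a valid MAC for (0, 0) but no longer matches the slot. Sparsity lives entirely in the 16-byte tag; the index itself can be as dense as the table.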