[cap-talk] use of hashcodes?
David Barbour
dmbarbour at gmail.com
Mon Feb 22 21:49:11 PST 2010
On Mon, Feb 22, 2010 at 12:15 PM, David Wagner <daw at cs.berkeley.edu> wrote:
> If you want to talk about concrete attacks, that's probably easier to
> do in the context of a specific counterproposal for what you would use
> in place of SHA256-HMAC.
Sure. Consider a webserver that implements this in the most
straightforward way possible:
* ETag numbers are simple increments on an integer. Andy the Attacker
can totally guess and influence them.
* The server keeps a fixed-size hashtable of ETags, without any other
information.
* If a user requests Get with an ETag, and the ETag is in the table,
then the 304 is returned. For all other requests, a new ETag is
created and the full Get is applied.
* When the server receives a Post, the hashtable of ETags is cleared
before taking action.
Now, this will likely perform worse and less reliably than the
SHA256-HMAC approach, especially under concurrency and mirroring
conditions or a high 'POST' load. But this isn't a serious attempt at
an alternative.
The relevant question: how does it compare security-wise?
I suspect it would be more secure than the SHA256-HMAC design, if only
because there's no risk of collisions.
>
> I see you are commenting more generally on the use of hash functions
> in secure systems.
I would have thought it obvious. But apology accepted.
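
The toy server described in the bullet list above, written out as an added example that is not part of the original message. The class name, the single-resource model, the `capacity` value and the evict-oldest policy are assumptions; the message only says the table is fixed-size.

```python
from collections import OrderedDict


class ToyEtagServer:
    """Single resource; ETags are a bare counter kept in a bounded table."""

    def __init__(self, capacity=4):          # capacity: assumed value
        self.capacity = capacity
        self.counter = 0
        self.table = OrderedDict()           # ETag only, no other information
        self.body = "v0"

    def _new_etag(self):
        self.counter += 1                    # simple increment, guessable
        if len(self.table) >= self.capacity:
            self.table.popitem(last=False)   # assumed policy: evict the oldest
        self.table[self.counter] = None
        return self.counter

    def get(self, etag=None):
        if etag in self.table:
            return 304, etag, None           # 304 carries no body
        return 200, self._new_etag(), self.body

    def post(self, body):
        self.table.clear()                   # cleared before taking action
        self.body = body
        return 200


def demo():
    """Status codes for: revalidate, bad guess, good guess, stale after POST."""
    s = ToyEtagServer(capacity=2)
    _, tag, _ = s.get()                      # first GET issues ETag 1
    out = [s.get(tag)[0]]                    # client revalidates -> 304
    out.append(s.get(999)[0])                # ETag not in table -> full GET, issues 2
    out.append(s.get(tag + 1)[0])            # guessed counter value in table -> 304
    s.post("v1")
    out.append(s.get(tag)[0])                # table cleared -> full GET again
    return out


if __name__ == "__main__":
    print(demo())
```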