Reusing a nonce, key pair in encryption

From OWASP
Revision as of 17:44, 13 April 2006 by Jeff Williams



Overview

Nonces should be used for the present occasion and only once.

Consequences

  • Authentication: If nonces are allowed to be reused, an attacker could craft a replay attack, in which the same data is sent twice. This could allow a user to send a message which masquerades as a valid message from a valid user.

Exposure period

  • Design: Mitigating technologies such as safe string libraries and container abstractions could be introduced.
  • Implementation: Many traditional techniques can be used to create a new nonce from different sources.
  • Implementation: Reusing nonces nullifies the use of nonces.

Platform

  • Languages: Any
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

Avoidance and mitigation

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Implementation: Refuse to reuse nonce values.
  • Implementation: Use techniques such as requiring incrementing, time-based and/or challenge-response nonces to assure uniqueness.
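
An added example (not part of the original OWASP page) of refusing reused nonces when the sender uses an incrementing counter: the receiver keeps a sliding window of recently accepted values, which goes beyond strict incrementing by also tolerating reordered messages. The names replay_state, nonce_accept and WINDOW are assumptions, and the check is assumed to run only after the message's integrity check has passed.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64  /* how many nonces behind the newest are still tracked */

/* Per-sender receive state (hypothetical names, not from the page). */
struct replay_state {
    uint64_t highest;  /* largest nonce accepted so far */
    uint64_t seen;     /* bit i set => nonce (highest - i) already accepted */
    int      started;  /* 0 until the first nonce is accepted */
};

/* Returns 1 and records the nonce if it is fresh, 0 if it must be refused.
 * Assumption: called only after the message's integrity check has passed,
 * so forged messages cannot advance the window. */
int nonce_accept(struct replay_state *s, uint64_t nonce)
{
    if (!s->started) {
        s->started = 1; s->highest = nonce; s->seen = 1;
        return 1;
    }
    if (nonce > s->highest) {              /* newer: slide the window forward */
        uint64_t shift = nonce - s->highest;
        s->seen = (shift >= WINDOW) ? 0 : (s->seen << shift);
        s->seen |= 1;
        s->highest = nonce;
        return 1;
    }
    uint64_t offset = s->highest - nonce;
    if (offset >= WINDOW)                  /* too old to track: refuse */
        return 0;
    if (s->seen & ((uint64_t)1 << offset)) /* already used: replay */
        return 0;
    s->seen |= (uint64_t)1 << offset;      /* late but unused: accept once */
    return 1;
}

int main(void)
{
    struct replay_state s = {0, 0, 0};
    /* Constructed sample sequence of received nonces. */
    uint64_t constructed[] = {1, 2, 2, 5, 3, 3, 100, 5, 100, 101};
    for (size_t i = 0; i < sizeof constructed / sizeof constructed[0]; i++)
        printf("nonce %llu -> %s\n", (unsigned long long)constructed[i],
               nonce_accept(&s, constructed[i]) ? "accept" : "refuse");
    return 0;
}
```

Values older than the window are refused rather than accepted, so a nonce the receiver can no longer track is never treated as fresh.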

Discussion

Nonces are often bundled with a key in a communication exchange to produce a new session key for each exchange.

Examples

In C/C++:

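#include <openssl/sha.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(){

 /* Vulnerable: the nonce is a fixed constant, so the same nonce and
    password are hashed on every run. */
 const char *nonce = "bad";
 const char *password = "secret";
 char *paragraph = NULL;
 unsigned char *data = NULL;
 size_t parsize;

 /* Concatenate nonce and password; +1 leaves room for the terminator. */
 parsize=strlen(nonce)+strlen(password);
 paragraph=(char*)malloc(parsize+1);
 if (paragraph == NULL) return 1;
 strcpy(paragraph,nonce);
 strcat(paragraph,password);

 /* SHA-1 produces a 20-byte digest. */
 data=(unsigned char*)malloc(SHA_DIGEST_LENGTH);
 if (data == NULL) { free(paragraph); return 1; }
 SHA1((const unsigned char*)paragraph,parsize,data);
 free(paragraph);

 //Do something with data//

 free(data);
 return 0;

}

In Java: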

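import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class NonceReuse {
 public static void main(String[] args) throws Exception {
  String command = new String("some command to execute");

  // Vulnerable: the nonce is derived from a fixed string, so it is identical on every run.
  MessageDigest nonceDigest = MessageDigest.getInstance("SHA");
  nonceDigest.update("bad nonce".getBytes(StandardCharsets.UTF_8));
  byte[] nonce = nonceDigest.digest();

  // Hash the nonce followed by the password.
  MessageDigest password = MessageDigest.getInstance("SHA");
  password.update(nonce);
  password.update("secretPassword".getBytes(StandardCharsets.UTF_8));
  byte[] digest = password.digest();
  //do something with digest//
 }
}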

Related problems

Not available.
