[Standards] [Fwd: [Council] meeting minutes, 2007-11-21]

Dave Cridland dave at cridland.net
Thu Nov 22 15:39:39 UTC 2007

On Thu Nov 22 10:38:43 2007, Lauri Kaila wrote:
> What kind of attacks are based on this weakness in XEP-0115? I can
> only think of DOS by lying capabilities (when the hash of a liar's
> capabilities collides with someone's real caps). I'd think disabling
> XEP-0115 is the cure to recover and prevent happening again.

There's a small window for a downgrade attack. For instance, if one  
happened to be able to find out that someone whom the victim usually  
spoke to under some e2e encryption upgraded their client before the  
victim, you could arrange for the victim to query your fake caps by  
disco rather than the target's, allowing you to remove the e2e  
encryption capability.

This requires a preimage attack - ie, you need to select a plaintext  
such that a hash comes out equal. You could mount either a first or  
second preimage attack, it doesn't matter much. I've tended to refer  
to a second preimage attack, since we're actually looking at matching  
the hash in the entity caps, but a first is practical too if it's  

In principle, you could mount the attack via a collision attack - in  
which case it'd be practical with MD5 - except that would require you  
gained sufficient access to the disco responses of the target, which  
means either mounting a very expensive and pointless attack on the  
target's computer, or by subverting the development process of their  
client. I'm inclined to rule these out, since a rogue developer going  
undetected is able to do much more interesting things, as is someone  
able to take control of specific remote computers at will.

Maybe RFC4270 should be required reading before we go much further.

Suffice to say there are still no known preimage attacks on either  
MD5 or SHA-1. There is one for MD4, so let's rule that out, 'kay?
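As an added illustration (not part of the thread), here is the receiver-side check that XEP-0115 relies on: recompute `ver` from the disco#info response and only cache it if the value matches, which is what forces the attacker into the preimage search described above. The identity and features are the XEP's own Exodus example; the e2e feature URI is a constructed placeholder.

```python
import base64
import hashlib

# Inputs taken from the XEP-0115 worked example (Exodus 0.9.1); not from this thread.
IDENTITIES = [("client", "pc", "", "Exodus 0.9.1")]
FEATURES = [
    "http://jabber.org/protocol/muc",
    "http://jabber.org/protocol/disco#items",
    "http://jabber.org/protocol/caps",
    "http://jabber.org/protocol/disco#info",
]
# Constructed placeholder for an end-to-end encryption feature (hypothetical URI).
E2E_FEATURE = "urn:example:e2e-encryption"


def caps_string(identities, features):
    """Build the XEP-0115 verification string S: identities sorted by
    category/type/lang/name, then features sorted by octet order, each
    field terminated with '<'."""
    s = ""
    for cat, typ, lang, name in sorted(identities):
        s += f"{cat}/{typ}/{lang}/{name}<"
    for feat in sorted(features):
        s += feat + "<"
    return s


def caps_ver(identities, features, algo="sha1"):
    """Hash S with the advertised algorithm and base64 it: the 'ver' attribute."""
    digest = hashlib.new(algo, caps_string(identities, features).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_disco_response(advertised_ver, identities, features, algo="sha1"):
    """Return True only if the disco#info response hashes to the ver seen in
    presence. A mismatch means the response is not the one the hash commits
    to, so it must not be cached or trusted under that ver."""
    return caps_ver(identities, features, algo) == advertised_ver


def downgrade_attempt_rejected():
    """Model the downgrade: the real client advertises E2E; a response with
    that feature stripped must fail verification against the real ver."""
    real_features = FEATURES + [E2E_FEATURE]
    real_ver = caps_ver(IDENTITIES, real_features)
    return (verify_disco_response(real_ver, IDENTITIES, real_features)
            and not verify_disco_response(real_ver, IDENTITIES, FEATURES))
```

Without a preimage on the hash, the only way a stripped response passes this check is if the receiver skips it, so the cache must be keyed on verified `ver` values only.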

