On Fri, Aug 08, 2003 at 06:36:59PM +0900, Hugh Sasse Staff Elec Eng wrote:
> > Otherwise you go to a different system altogether - such as public key
> > authentication.
> 
> OK, I should look into that further, but isn't that subject to
> similar attacks: not dictionary, but the parallel computer based
> ones, like DES cracking challenges people set up.  Reply off list if
> you wish, this could bore the legs of some readers and is getting
> less Ruby specific! :-)

I guess you're right. Bruce Schneier's "Applied Cryptography" is a highly
recommended read.

> > Right, so you're saying that you calculate the hash over the payload *and*
> > the nonce:
> >
> >         [ payload ] [nonce] [hash]
> >         ^^^^^^^^^^^^^^^^^^^
> >                               ^ Hash of (payload + nonce + secret)
> 
> Yes....
> >
> > But once you've done that, you don't need the nonce in the first place,
> > which is the point I was trying to make before.
> 
> The nonce gives timeout information, and prevents others injecting
> data into the system.  Even if they can forge something convincing
> they need the right nonce to be able to do it NOW.

Then it is not a nonce. A nonce would be a random meaningless string - which
could of course include the current date/time as part of ensuring it is not
repeated. But if you are *extracting* the date/time out of that string and
using it to decide whether you will accept the packet or not, then it's a
timestamp.

> > challenge. A better mechanism is to use timestamps or sequence numbers on
> > your packets.
> 
> But can't sequential numbers be forged easily?

You can't forge anything which is under the protection of the signature
(i.e. included as part of the hash in the shared-secret algorithm we're
discussing), because to do so you would need to know the secret.

You keep a counter at the receiver end. Once you have received packet number
7, you will only expect to see packet 8. If somebody replays packet 5, then
you ignore it, because it's out of sequence. They can't send packet 9
without knowing the secret.

Regards,

Brian.
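The sequence-number scheme Brian sketches above (keyed hash over payload plus counter, receiver accepts only the next number) as a runnable Ruby illustration. This is an added example, not code from either poster or from any Ruby library; it substitutes HMAC-SHA256 for the plain "hash of (payload + nonce + secret)" in the thread, and the secret, payloads and the Receiver/build_packet names are constructed for the demo.

```ruby
require 'openssl'

# Constructed demo secret shared by sender and receiver (assumption: in a real
# system it comes from configuration, never from source).
SECRET = 'correct horse battery staple'

# Keyed hash over the sequence number and payload. A separator keeps the
# boundary between the two unambiguous (seq 1 + "2x" must not collide with
# seq 12 + "x"). HMAC stands in for "hash(payload + nonce + secret)".
def tag_for(payload, seq, secret = SECRET)
  OpenSSL::HMAC.hexdigest('SHA256', secret, "#{seq}|#{payload}")
end

# Sender side: the packet carries payload, sequence number and tag.
def build_packet(payload, seq, secret = SECRET)
  { payload: payload, seq: seq, tag: tag_for(payload, seq, secret) }
end

# Compare two tags without an early exit so a wrong tag does not leak
# how many leading characters matched via timing.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Receiver side: keeps the counter the thread describes. After accepting
# packet N it will only accept packet N+1; replays (seq <= N) are ignored and
# a packet with a tag that does not verify is rejected before the counter is
# consulted, so unauthenticated data never influences state.
class Receiver
  attr_reader :last_seq

  def initialize(secret = SECRET)
    @secret = secret
    @last_seq = 0 # nothing accepted yet
  end

  # Returns :accepted, :bad_tag or :out_of_sequence.
  def receive(packet)
    expected = tag_for(packet[:payload], packet[:seq], @secret)
    return :bad_tag unless constant_time_equal?(expected, packet[:tag])
    return :out_of_sequence unless packet[:seq] == @last_seq + 1

    @last_seq = packet[:seq]
    :accepted
  end
end

# Walk through the cases from the thread: in-order packets, a replayed old
# packet, a packet built without the secret, a tampered payload, then the
# legitimate next packet. Returns the list of verdicts in order.
def demo
  rx = Receiver.new
  results = []
  results << rx.receive(build_packet('hello', 1))
  results << rx.receive(build_packet('world', 2))
  results << rx.receive(build_packet('hello', 1))                  # replay
  results << rx.receive(build_packet('evil', 3, 'wrong secret'))   # no secret
  tampered = build_packet('evil', 3)
  tampered[:payload] = 'evil2'                                     # tag no longer matches
  results << rx.receive(tampered)
  results << rx.receive(build_packet('next', 3))                   # genuine packet 3
  results
end

p demo if $PROGRAM_NAME == __FILE__
```

The receiver follows the thread literally and accepts only `last_seq + 1`; a deployment that must tolerate packet loss would instead accept any `seq > last_seq` and advance the counter to it, which still rejects replays. Either way the counter itself needs to be persisted by the receiver, otherwise a restart resets it to zero and every previously captured packet becomes replayable.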