Bugtraq mailing list archives

Re: InterNIC Shenanigans (crypt-pw)


From: agent () l0pht com (Rogue Agent)
Date: Sat, 12 Oct 1996 11:04:13 -0400


PGP auth scheme also seems vulnerable to replay attacks.

For example, suppose alice () victim com sends a signed message to
hostmaster () internic net asking him/it to set the nameserver for
victim.com to box1. Mallory intercepts this message and stores it for
future attacks.

A year later, Alice decides to move and change a provider, and sends a
signed message asking to change the domain nameserver to box2.  Mallory
also intercepts it and finds out that alice is moving.

A month later when Alice thinks that she has changed her nameserver
successfully, Mallory strikes and re-sends the first message. At this
time, Alice's domain is effectively disabled because it is served by a
wrong nameserver.

Easiest way to fix this is to have a Date field inside the clearsigned
text, & make sure InterNIC actually looks at it.

        RA

agent () l0pht com (Rogue Agent/SoD!/TOS/attb) - pgp key on request
----------------------------------------------------------------
The NSA is now funding research not only in cryptography, but in all areas
of advanced mathematics. If you'd like a circular describing these new
research opportunities, just pick up your phone, call your mother, and
ask for one.
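The replay scenario and the Date-field fix described in the post, as an added example that is not part of the original message: a small Python verifier for signed nameserver-change requests that checks a Date field inside the signed text and refuses anything stale or not newer than the last request it applied for that domain. HMAC-SHA256 over a shared key stands in for the PGP clearsign/verify step (an assumption made here so the example runs offline; the replay logic does not depend on the signature algorithm), and the two-day freshness window, the message layout and all names are constructed for the demonstration.

```python
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Assumption: an HMAC key shared between registrant and registry stands in
# for Alice's PGP key. Constructed demo value, not a real secret.
REGISTRANT_KEY = b"constructed-demo-key-for-alice"

# Assumed policy: a request must be dated within two days of receipt.
MAX_SKEW = timedelta(days=2)


def sign_request(body, key=REGISTRANT_KEY):
    """Stand-in for clearsigning: body followed by a signature trailer line."""
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "\n-----SIGNATURE: " + mac + "\n"


def parse_signed(msg):
    """Split a signed message into the signed body and the signature value."""
    body, _, sigpart = msg.rpartition("\n-----SIGNATURE: ")
    return body, sigpart.strip()


def parse_fields(body):
    """Parse 'Key: value' lines of the signed body into a dict (keys lower-cased)."""
    fields = {}
    for line in body.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


class ChangeVerifier:
    """Registry-side check: signature, then Date inside the signed text."""

    def __init__(self, key=REGISTRANT_KEY, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.last_accepted = {}  # domain -> Date of the last request applied

    def verify(self, msg, now):
        body, sig = parse_signed(msg)
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False, "bad signature"
        fields = parse_fields(body)
        if "date" not in fields:
            # The Date must be inside the signed text; an unsigned header
            # could be rewritten by whoever holds the captured message.
            return False, "no Date field inside signed text"
        try:
            when = datetime.fromisoformat(fields["date"])
        except ValueError:
            return False, "unparseable Date"
        if abs(now - when) > self.max_skew:
            return False, "stale request"
        domain = fields.get("domain")
        prev = self.last_accepted.get(domain)
        if prev is not None and when <= prev:
            # Within the freshness window, a second copy of an already
            # applied request is still a replay: dates must strictly increase.
            return False, "replay: not newer than last accepted request"
        self.last_accepted[domain] = when
        return True, "nameserver for %s set to %s" % (domain, fields.get("nameserver"))


def replay_scenario():
    """Re-enact the post: box1 request, box2 a year later, then Mallory replays."""
    t1 = datetime(1996, 10, 12, tzinfo=timezone.utc)
    t2 = t1 + timedelta(days=365)
    msg1 = sign_request("Domain: victim.com\nNameserver: box1\nDate: " + t1.isoformat())
    msg2 = sign_request("Domain: victim.com\nNameserver: box2\nDate: " + t2.isoformat())
    registry = ChangeVerifier()
    return [
        registry.verify(msg1, now=t1),                          # Alice: box1
        registry.verify(msg2, now=t2),                          # Alice: box2
        registry.verify(msg1, now=t2 + timedelta(days=30)),     # Mallory replays box1
        registry.verify(msg2, now=t2 + timedelta(hours=1)),     # replay inside the window
    ]


if __name__ == "__main__":
    for ok, reason in replay_scenario():
        print("ACCEPT" if ok else "REJECT", "-", reason)
```

The freshness window alone only stops replays that are older than the window; the per-domain "must be newer than the last applied request" rule is what closes the gap for a copy resent minutes later, which is why both checks are applied to the same signed Date.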