Penetration Testing mailing list archives
Re: [FDE] Information leakage with publicly visible hash/signature
From: Dave Howe <DaveHowe.Pentest () googlemail com>
Date: Mon, 27 Oct 2008 21:01:47 +0000
John wrote:
Hi all,

(Apologies for asking two questions in quick succession on this mailing list: they were similar but distinct so I thought I should put two posts up. As before, any help is greatly appreciated).

The software I'm writing sends an encrypted file to a peer for safe keeping (for data backup purposes). The peer never needs to decrypt the file - only the sender knows the key. The peer also is sent metadata about the file for later recovery.

My question is this: is there any harm in sending, in plaintext, the hash of the *original* plaintext file to the peer? This would be used when recovering the file to make sure it has been safely decrypted etc. Assume the hash would be cryptographically secure (i.e. SHA256).
Conditionally, yes. It can be used for massively distributed trial decryption to verify that the trial was correct. However, in practical terms, no, as encryption schemes often include in-band checksums anyhow. Depends on your attack model, really.
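Added example, not part of the original post or of the poster's software: the check described in the reply, generalized to any candidate plaintext, next to a keyed alternative. It shows that a bare SHA-256 of the plaintext lets anyone holding the metadata confirm a candidate without the key, while an HMAC-SHA256 tag does not. The HMAC variant, the function names and the sample data are assumptions made for this illustration.

```python
import hashlib
import hmac
import os


def public_tag(plaintext: bytes) -> bytes:
    """Metadata as proposed in the question: bare SHA-256 of the plaintext."""
    return hashlib.sha256(plaintext).digest()


def keyed_tag(mac_key: bytes, plaintext: bytes) -> bytes:
    """Assumed alternative: HMAC-SHA256 under a key that only the sender holds."""
    return hmac.new(mac_key, plaintext, hashlib.sha256).digest()


def confirm_without_key(stored_tag: bytes, candidates: list) -> list:
    """What the peer (or anyone who reads the metadata) can do with no key:
    hash each candidate plaintext and compare it with the stored tag."""
    return [c for c in candidates
            if hmac.compare_digest(hashlib.sha256(c).digest(), stored_tag)]


def sender_verify(mac_key: bytes, recovered: bytes, stored_tag: bytes) -> bool:
    """Recovery-time integrity check by the sender, who holds mac_key."""
    return hmac.compare_digest(keyed_tag(mac_key, recovered), stored_tag)


if __name__ == "__main__":
    # Constructed sample data: one backed-up file and three candidate contents.
    backed_up = b"payroll-2008-10.csv: constructed sample contents\n"
    candidates = [b"holiday-photos.tar", backed_up, b"empty file"]
    mac_key = os.urandom(32)  # kept by the sender, separate from the metadata

    # Bare hash: the stored metadata confirms which candidate is the real file.
    print("bare SHA-256 confirms:", confirm_without_key(public_tag(backed_up), candidates))

    # Keyed tag: the same comparison matches nothing without mac_key ...
    tag = keyed_tag(mac_key, backed_up)
    print("HMAC tag confirms:   ", confirm_without_key(tag, candidates))

    # ... while the sender can still detect a bad or corrupted recovery.
    print("sender verifies good copy:", sender_verify(mac_key, backed_up, tag))
    print("sender verifies bad copy: ", sender_verify(mac_key, backed_up[:-1], tag))
```

The keyed tag still serves the recovery check from the question, provided the sender stores the MAC key along with the encryption key rather than in the metadata sent to the peer.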