WebApp Sec mailing list archives
Re: Using SSL private key for cookie's HMAC
From: "Jason Coombs PivX Solutions" <jcoombs () PivX com>
Date: Mon, 6 Sep 2004 00:45:10 +0000 GMT
The simplest, most direct path to discovering an SSL server's private/public key pair is to precompute every possible key pair and then do a lookup when the server gives you its public key. Every other attack on SSL cryptography that seeks to discover the server's private key *should* be more difficult to accomplish, since it would involve factoring or finding a needle (a discernable pattern that should not exist) in a ciphertext haystack.

It will take you a very long time to precompute all those keys, so you better get started now.

Go ahead and reuse the private key for other things, like signing your cookies, if you wish.

I can discover your server's private key by attempting to sign the same cookie data your server signed until I get the same signature yours produced, but there's no point in that because your server is already giving me the shortest computational path possible to discover your private key when it gives me its public key. I'll choose the shorter path over cryptanalysis of your cookie signatures, thanks.

... Until somebody finds a new approach to RSA cryptanalysis, that is...

Jason Coombs
Director of Forensic Services
PivX Solutions, Inc.
http://www.PivX.com/forensics/

-----Original Message-----
From: "Jeff Williams" <jeff.williams () aspectsecurity com>
Date: Tue, 31 Aug 2004 09:37:48
To: "Simon Zuckerbraun" <szucker () sst-pr-1 com>, <webappsec () securityfocus com>
Subject: Re: Using SSL private key for cookie's HMAC

Simon,

I'm curious too. Assuming you use the private key properly, are there any risks associated with using the private key for purposes other than SSL? Could the SSL private key be safely used as a "master key" for encrypting and signing other things on the web server?

I suspect the reasons to use a separate key are for better key management. You'll want to change keys periodically and it might just be easier if you don't have to change the site's SSL cert as well.

So I think it's an interesting idea, but it's probably just as easy to have a separate key for purposes other than SSL.

--Jeff

Jeff Williams
Aspect Security, Inc.
http://www.aspectsecurity.com

----- Original Message -----
From: "Simon Zuckerbraun" <szucker () sst-pr-1 com>
To: <webappsec () securityfocus com>
Sent: Friday, August 27, 2004 12:42 AM
Subject: Using SSL private key for cookie's HMAC

I'm pondering a design question regarding a web application that is to operate over SSL. We want to include an HMAC in our cookies to prevent tampering. To produce an HMAC, the server must be configured with a private key. Since the website operates with SSL, the server already *has* a private key available: the private key of its SSL certificate. Is there any harm in using this same private key for producing the HMACs as well?

Thanks,
Simon
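The separate-key option raised in the thread, as an added example that is not part of the original messages: cookies carry an HMAC made with a dedicated random secret and a key id, so the cookie key can be rotated without touching the SSL certificate. The key ids `k1`/`k2`, the cookie layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed key ring: key id -> dedicated random secret, unrelated to the TLS key.
# Generated here so the example runs offline; a deployment would load these from a secret store.
KEYS = {"k1": secrets.token_bytes(32), "k2": secrets.token_bytes(32)}
CURRENT_KID = "k2"  # new cookies are signed with k2; k1 is still accepted until retired


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(kid: str, payload: bytes, keys) -> bytes:
    # The key id is covered by the MAC so it cannot be swapped after signing.
    return hmac.new(keys[kid], kid.encode() + b"." + payload, hashlib.sha256).digest()


def sign_cookie(value: str, kid: str = CURRENT_KID, keys=KEYS) -> str:
    payload = value.encode()
    return f"{kid}.{b64e(payload)}.{b64e(mac(kid, payload, keys))}"


def verify_cookie(cookie: str, keys=KEYS):
    """Return the signed value, or None if malformed, altered, or signed with a retired key."""
    try:
        kid, p64, t64 = cookie.split(".")
        payload, tag = b64d(p64), b64d(t64)
        if kid not in keys:
            return None
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, mac(kid, payload, keys)):
            return None
        return payload.decode()
    except (ValueError, UnicodeDecodeError):
        return None
```

Retiring a key is a matter of dropping its id from the key ring: cookies signed under it stop verifying, and the certificate is unaffected.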