Bugtraq mailing list archives
Re: InterNIC Shenanigans (crypt-pw)
From: @ (Igor Chudov @ home)
Date: Fri, 11 Oct 1996 19:47:22 -0500
-----BEGIN KGB SIGNED MESSAGE-----

The PGP auth scheme also seems vulnerable to replay attacks.

For example, suppose alice () victim com sends a signed message to hostmaster () internic net asking him/it to set the nameserver for victim.com to box1. Mallory intercepts this message and stores it for future attacks.

A year later, Alice decides to move and change provider, and sends a signed message asking to change the domain nameserver to box2. Mallory also intercepts it and finds out that Alice is moving.

A month later, when Alice thinks that she has changed her nameserver successfully, Mallory strikes and re-sends the first message. At this time, Alice's domain is effectively disabled because it is served by the wrong nameserver.

At best, the exchange should be done using a cookie protocol, where Alice has to request a non-reusable cookie from InterNIC prior to sending any domain change requests. At worst, internic and its guardian should allow for encrypted (and signed) messages. That will at least thwart some of the attackers.

igor

Sean B. Hamor wrote:
-----BEGIN PGP SIGNED MESSAGE-----

Well, the InterNIC has started protecting against fakemailed domain name and NIC handle changes by adding "crypt-pw" and PGP support to their databases. For those of you not familiar with this, you can now request that your email address not be used to authenticate you, but instead add a crypted string or PGP key id to your domain/NIC template to authenticate you. You have to submit your PGP public key block to the InterNIC keyserver if you've chosen to use the PGP option.

Regardless, it seems that there may be a hiccup in the InterNIC's method of generating crypted strings. I admit, I'm not very knowledgeable when it comes to encryption schemes, but even I can see an initial problem here. Because of my lack of knowledge, however, I wouldn't be able to continue any further to see how deep this initial discovery I made runs.

If you don't want to use the entire WWW domain/NIC template, you can use http://rs.internic.net/guardian/crypt-pw.html to generate a crypted passwd for you. Basically, you type in your cleartext passwd, hit submit, and it fires back the crypted version at you. Here are some cleartext/ciphertext combinations:

    nuke      nuX9097V9o/TY
    narque    naXwgSS98Q3xo
    cq        cqjtFeb2JgXwg
    222222    22Yrs645sLqh2

Is it just me, or does it seem silly to you that the first two characters of the passwd are revealed by the first two characters in the crypted passwd?

A quote from the crypt-pw.html page: "Please note that this option is not as secure as PGP. We recommend the use of PGP when possible."

Go figure.

Just my 00000010 sense...

    Finger hamors () ishiboo com         /\_/\    mailto:hamors () litterbox org
    for PGP public key block.           ( o.o )   http://www.ishiboo.com/~hamors/
    alt.litterbox, The Home of TOCA      > ^ <    http://www.litterbox.org/~hamors/
    Hi! I'm a .signature virus! Add me to your .signature and join in the fun!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMl50JjU6HlxZIJ+FAQGeGgf+NOuQRbTdWz1nxovYsZ324Ij/fxAzQ643
dVwf8yc1HNfNTw0zZlpz47EVaNQ5w6yrISXHmmSQ6UT+E2tnCOnK6dpaTamNO941
HiADrWMQz+OvHrNM/z4BZPPQlJrWZJ3Jbak88S1fboDoNKqb4tLhS//3I7oFURiB
2Dnxy0W8oge4rJhoP+XEIsW+CdyFZrYxy2TpwEGfYxybm7I890TA5u43XEEA+QLQ
Mm7AQXcNlcaYpH33Pavr964c1q68aRWvCXgnH4f9aSkRzjvYancVDpBIRZAbZM2Y
4XAsJ6yLhoHmrP6PaZQ7Xj7ChmIEfE8P0FNWdVqGAypRG8+/tymc+Q==
=jyAN
-----END PGP SIGNATURE-----
- Igor.
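The replay Igor describes, and the one-time-cookie fix he proposes, as an added example; this is not InterNIC's code and not code from either poster. A shared-key HMAC stands in for the PGP signature, because the replay problem does not depend on the signature scheme: a signature that verified once verifies forever. The registry classes, the request layout, the cookie lifetime and Alice's key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

YEAR = 365 * 86400
MONTH = 30 * 86400
ALICE_KEY = b"alice-signing-key"   # constructed; stands in for Alice's PGP key


def sign(key, domain, nameserver, cookie):
    """Stand-in for a PGP signature: an HMAC over all fields, cookie included,
    so the cookie cannot be swapped out of an old message."""
    body = "\0".join((domain, nameserver, cookie)).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_request(key, domain, nameserver, cookie=""):
    """The message Alice mails to the registry."""
    return {"domain": domain, "ns": nameserver, "cookie": cookie,
            "sig": sign(key, domain, nameserver, cookie)}


class NaiveRegistry:
    """Applies any correctly signed request, which is the scheme Igor attacks:
    nothing in the message says when it was meant to be applied."""

    def __init__(self, keys):
        self.keys = keys             # domain -> verification key
        self.nameserver = {}         # domain -> current nameserver

    def verify_signature(self, req):
        key = self.keys.get(req["domain"])
        if key is None:
            return "unknown domain"
        expected = sign(key, req["domain"], req["ns"], req["cookie"])
        if not hmac.compare_digest(req["sig"], expected):
            return "bad signature"
        return None

    def apply(self, req, now):
        error = self.verify_signature(req)
        if error:
            return error
        self.nameserver[req["domain"]] = req["ns"]
        return "ok"


class CookieRegistry(NaiveRegistry):
    """Igor's fix: a request must carry a non-reusable cookie that the registry
    issued for that domain, and which has not expired."""

    def __init__(self, keys, ttl=3600):
        super().__init__(keys)
        self.ttl = ttl
        self.issued = {}             # cookie -> (domain, expiry time)
        self.used = set()

    def issue_cookie(self, domain, now):
        cookie = secrets.token_hex(16)        # 128 random bits, unguessable
        self.issued[cookie] = (domain, now + self.ttl)
        return cookie

    def apply(self, req, now):
        error = self.verify_signature(req)
        if error:
            return error
        entry = self.issued.get(req["cookie"])
        if entry is None or entry[0] != req["domain"]:
            return "cookie not issued for this domain"
        if req["cookie"] in self.used:
            return "replay: cookie already used"
        if now > entry[1]:
            return "cookie expired"
        self.used.add(req["cookie"])
        self.nameserver[req["domain"]] = req["ns"]
        return "ok"


def run_scenario(registry):
    """Igor's timeline against either registry: Alice points victim.com at box1,
    moves to box2 a year later, and a month after that Mallory re-sends the
    stored first message."""
    issue = getattr(registry, "issue_cookie", lambda domain, now: "")
    t0 = 0
    first = make_request(ALICE_KEY, "victim.com", "box1", issue("victim.com", t0))
    r1 = registry.apply(first, t0)
    t1 = t0 + YEAR
    second = make_request(ALICE_KEY, "victim.com", "box2", issue("victim.com", t1))
    r2 = registry.apply(second, t1)
    r3 = registry.apply(first, t1 + MONTH)       # Mallory's replay
    return {"first": r1, "second": r2, "replay": r3,
            "nameserver": registry.nameserver["victim.com"]}


if __name__ == "__main__":
    print("naive:  ", run_scenario(NaiveRegistry({"victim.com": ALICE_KEY})))
    print("cookies:", run_scenario(CookieRegistry({"victim.com": ALICE_KEY})))
```

Against NaiveRegistry the replay is accepted and victim.com ends up back on box1; against CookieRegistry it is rejected because the cookie was already consumed, and box2 stays. Two details matter in practice: the cookie has to be inside the signed data, otherwise Mallory can ask for a fresh cookie herself (cookie requests need not be authenticated) and attach it to the stored message; and encryption alone does not help with replay, since an intercepted ciphertext can be re-sent just as easily as a cleartext one unless it also carries something fresh.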
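On Sean's crypt-pw samples: in the output of traditional crypt(3) the first two characters are the salt, not ciphertext, so the pattern he noticed is consistent with the InterNIC form deriving the salt from the first two characters of the password, which hands those characters to anyone who can read the template. The following is an added example, not code from the page or from InterNIC: it checks the quoted samples for that pattern, shows how a dictionary attacker uses the leak to skip most of a wordlist, and generates a salt the way it should be done. The wordlist and the function names are assumptions.

```python
import secrets

# Cleartext/crypted pairs quoted from Sean Hamor's post (taken from the page).
SAMPLES = [
    ("nuke", "nuX9097V9o/TY"),
    ("narque", "naXwgSS98Q3xo"),
    ("cq", "cqjtFeb2JgXwg"),
    ("222222", "22Yrs645sLqh2"),
]

# The 64-character alphabet traditional crypt(3) uses for the salt and the hash.
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def salt_of(crypted):
    """Return the salt of a traditional crypt(3) string: its first two characters."""
    if len(crypted) != 13 or any(c not in SALT_CHARS for c in crypted):
        raise ValueError("not a traditional 13-character crypt(3) string")
    return crypted[:2]


def salt_derived_from_password(samples):
    """True when every sample's salt equals the first two password characters,
    i.e. the generator took the salt from the password instead of at random."""
    return all(salt_of(crypted) == plain[:2] for plain, crypted in samples)


def filter_wordlist(crypted, wordlist):
    """How an attacker uses the leak: only candidates whose first two characters
    match the salt can be the password, so the rest are never even hashed."""
    prefix = salt_of(crypted)
    return [word for word in wordlist if word[:2] == prefix]


def brute_force_candidates(alphabet_size, length, leaked=2):
    """Keyspace with and without the leaked prefix. crypt(3) only looks at the
    first 8 characters, so longer passwords gain nothing."""
    effective = min(length, 8)
    full = alphabet_size ** effective
    reduced = alphabet_size ** max(effective - leaked, 0)
    return full, reduced


def random_salt():
    """What the form should do instead: a salt independent of the password."""
    return "".join(secrets.choice(SALT_CHARS) for _ in range(2))


if __name__ == "__main__":
    print("salt derived from password:", salt_derived_from_password(SAMPLES))
    # Constructed wordlist; only the "nu" words survive the prefix filter.
    print(filter_wordlist("nuX9097V9o/TY", ["nuke", "nurse", "nut", "password"]))
    print(brute_force_candidates(95, 8))
    print(random_salt())
```

A random salt would still be visible in the crypted string (that is how crypt(3) works, and it is fine), but it would say nothing about the password; with the salt taken from the password, an eight-character password over 95 printable characters costs an attacker 95^6 guesses instead of 95^8, and a wordlist attack can discard every word that does not start with the two leaked characters before running crypt at all.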
Current thread:
- antizap2. Digital Dreamer (Oct 08)
- Re: antizap2. Wolfgang Ley (Oct 09)
- novell utility BlackHeart (Oct 09)
- Re: novell utility Bruce M. (Oct 09)
- Re: novell utility Doctor Who (Oct 10)
- Sun Security Bulletin #136 Mark Graff (Oct 10)
- SECURITY HOLE IN AUTHENTICATION FORWARDING Charles M. Hannum (Oct 10)
- Re: SECURITY HOLE IN AUTHENTICATION FORWARDING Tatu Ylonen (Oct 13)
- InterNIC Shenanigans (crypt-pw) Sean B. Hamor (Oct 11)
- Re: InterNIC Shenanigans (crypt-pw) Yiorgos Adamopoulos (Oct 11)
- Re: InterNIC Shenanigans (crypt-pw) Igor Chudov @ home (Oct 11)
- Re: InterNIC Shenanigans (crypt-pw) Steve Reid (Oct 12)
- Re: InterNIC Shenanigans (crypt-pw) Rogue Agent (Oct 12)
- Excellent host SYN-attack fix for BSD hosts Avi Freedman (Oct 11)
- Re: Excellent host SYN-attack fix for BSD hosts Ollivier Robert (Oct 15)
- Re: Excellent host SYN-attack fix for BSD hosts Casper Dik (Oct 16)
- Re: Excellent host SYN-attack fix for BSD hosts David Schwartz (Oct 16)