Re: preventing sequence number guessing

Paul Robinson (tdarcos@access.digex.net)
Sun, 29 Jan 1995 20:25:58 -0500 (EST)

On Sun, 29 Jan 1995, David A. Wagner wrote:

> > 
> > Anyone care to do a real-time test?  Generate some random strings of 
> > varying length, including some one-byte responses, until you have some 
> > large number, say, 10000 of these strings.  Randomly assign some to one 
> > side, so that maybe one side has 1000 outgoing strings and 9000 incoming, 
> > then have an MD5 checksum done in which the program generates a checksum 
> > for each line, sends it, then after, say, 10 lines, sends a message the 
> > other way.  
> > 
> 
> I think you misunderstood my (proposed) use of MD5.
> 
> MD5 would *not* be invoked for every packet sent -- *only*
> for SYN packets, i.e. for TCP/IP connection startup.
> 
> There'd be one invocation of MD5 per new connection request
> per machine.  Furthermore, the input being hashed would only
> need to be a few bytes -- 8 or 16 is plenty.

So again, what's to keep someone from hijacking the connection again?  
Comes in, steals the packets on the wire.  Substitutes his for the real 
ones, then sends a "close connection" or "reset" back to the original 
source.  He now has an authenticated connection after it's been 
authenticated.

> 
> I *heard* that there was one bug in the MD5 code printed in
> the RFC, but I've never tried it myself.

Someone want to check this?  If so, it needs to be reported and the RFC 
needs to be obsoleted and replaced with a new one.  Do we have anyone 
here who has the arithmetic to be able to verify this sort of thing?  I 
can puzzle some things out, but this goes way beyond my mathematical 
abilities. 
 
> There's MD5 code at ripem.msu.edu /pub/crypt/others/md5.zip
> which I'm pretty certain is good...

Might be worth running tandem verifications of some items and see that 
they both get the same results, say on a few thousand items.
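As an added illustration of the scheme under discussion (not code from either poster), the following Python sketches an initial-sequence-number generator that hashes a few bytes of connection identity plus a per-host secret once per SYN, beside the clock-only generator it replaces, and includes the kind of known-answer check that a "tandem verification" of an MD5 implementation would start from. The exact input layout, the mixing of a clock tick with the hash, and all names are assumptions.

```python
import hashlib
import os
import struct

# Constructed per-host secret for this example; a real stack would draw it
# from a cryptographically strong source at boot and never transmit it.
HOST_SECRET = os.urandom(16)

def _ipv4(addr: str) -> bytes:
    """Dotted-quad string to 4 raw bytes."""
    return bytes(int(octet) for octet in addr.split("."))

def isn_offset(src_ip, src_port, dst_ip, dst_port, secret=HOST_SECRET):
    """Per-connection offset: MD5 over the 4-tuple plus the secret (hypothetical
    layout), truncated to 32 bits. This is the one hash invocation per SYN."""
    data = (_ipv4(src_ip) + struct.pack("!H", src_port)
            + _ipv4(dst_ip) + struct.pack("!H", dst_port) + secret)
    return struct.unpack("!I", hashlib.md5(data).digest()[:4])[0]

def clock_only_isn(ticks):
    """Classic generator: the ISN is just a running counter, so one observed ISN
    plus elapsed time gives the next one. This is the guessing problem at issue."""
    return ticks & 0xFFFFFFFF

def hashed_isn(src_ip, src_port, dst_ip, dst_port, ticks, secret=HOST_SECRET):
    """Clock plus secret per-connection offset (mod 2^32): ISNs for one connection
    still advance with the clock, but an ISN seen on a different 4-tuple reveals
    nothing about this one without the secret."""
    return (ticks + isn_offset(src_ip, src_port, dst_ip, dst_port, secret)) & 0xFFFFFFFF

# Test vectors from the RFC 1321 test suite.
RFC1321_VECTORS = {
    b"": "d41d8cd98f00b204e9800998ecf8427e",
    b"a": "0cc175b9c0f1b6a831c399e269772661",
    b"abc": "900150983cd24fb0d6963f7d28e17f72",
    b"message digest": "f96b697d7cb7938d525a2f31aaf161d0",
}

def md5_self_check(md5=lambda m: hashlib.md5(m).hexdigest()):
    """Known-answer test; pass another implementation's hex-digest function to
    compare a second MD5 against the published vectors."""
    return all(md5(msg) == expected for msg, expected in RFC1321_VECTORS.items())

if __name__ == "__main__":
    t = 123456
    print("clock-only ISN at t+1000 predictable from t:",
          clock_only_isn(t) + 1000 == clock_only_isn(t + 1000))
    print("hashed ISN, connection A:", hashed_isn("10.0.0.1", 40000, "10.0.0.2", 23, t))
    print("hashed ISN, connection B:", hashed_isn("10.0.0.3", 40000, "10.0.0.2", 23, t))
    print("hashlib MD5 matches RFC 1321 vectors:", md5_self_check())
```

The generator only addresses guessing of a fresh ISN; as the reply above points out, an attacker who can already read and inject packets on the wire is not stopped by an unpredictable sequence number.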