Re: [CFRG] Reference for weakness in MAC=hash(key|msg) construct

Yann Droneaud <ydroneaud@opteya.com> Sun, 15 May 2022 18:01 UTC

Message-ID: <7c947ad7-465a-6cc4-0ca8-03fb6d89c7bf@opteya.com>
Date: Sun, 15 May 2022 20:01:46 +0200
To: cfrg@irtf.org
References: <5eec9c58-4bfd-7ada-2fdd-90d1180100e1@htt-consult.com>
From: Yann Droneaud <ydroneaud@opteya.com>
Organization: OPTEYA
In-Reply-To: <5eec9c58-4bfd-7ada-2fdd-90d1180100e1@htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ddnODGw7CqkNlA7JjQq4bbiLzS8>

Hi,

On 13/05/2022 at 16:24, Robert Moskowitz wrote:
>
> I need to show that a MAC based on hash(key|msg) is bad and this has 
> been known since the mid-90s.
>
> This is for the Drone Command and Control (C2) open protocol MAVlink's 
> 6 byte authentication:
>
> https://mavlink.io/en/guide/message_signing.html
>

Cryptography in MAVlink is somewhat of a weak point. Last year I noted 
the following:

Believe it or not, but cryptography is about making things hidden ... so 
putting a symmetric key in the clear in a source file available on GitHub 
probably defeats the whole purpose of using cryptography:

     PairingManager::PairingManager(QGCApplication* app, QGCToolbox* toolbox)
         : QGCTool(app, toolbox)
         , _aes("J6+KuWh9K2!hG(F'", 0x368de30e8ec063ce)  // symmetric key hard-coded in a public source file

https://github.com/mavlink/qgroundcontrol/blob/cc95825594fc99e7537198003cab4a0dd1172bcb/src/PairingManager/PairingManager.cc#L43

https://twitter.com/ydroneaud/status/1361421701179797504

-- 
Yann Droneaud
OPTEYA
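The weakness Robert Moskowitz asks for a reference on, worked through as an added example (this code is not from the thread, from MAVLink or from QGroundControl): a length-extension forgery against tag = SHA-256(key || msg). The attacker holds one valid (msg, tag) pair and knows only the key length, never the key itself, and produces a valid tag for msg || padding || extension. The same attempt against HMAC-SHA256 fails. The key and messages below are constructed sample values; the SHA-256 core is reimplemented here only because hashlib does not let you seed the chaining state. One caveat for the MAVLink case: the forgery needs the full 32-byte digest to recover that state, and a tag truncated to 6 bytes does not hand the attacker the state, so this models a scheme that exposes the whole digest.

```python
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF

# SHA-256 round constants and initial hash value (FIPS 180-4).
K = [
    0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
    0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
    0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
    0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
    0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
    0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
    0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
    0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
]
IV = [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19]


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state, block):
    """One SHA-256 compression of a 64-byte block into the 8-word chaining state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def md_padding(total_len):
    """Merkle-Damgard padding for a message of total_len bytes: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha256_from_state(state, data, absorbed_len):
    """Hash `data` starting from `state`, as if `absorbed_len` bytes (a multiple of 64)
    had already been compressed. With state=IV and absorbed_len=0 this is plain SHA-256."""
    padded = data + md_padding(absorbed_len + len(data))
    for off in range(0, len(padded), 64):
        state = compress(state, padded[off:off + 64])
    return b"".join(struct.pack(">I", x) for x in state)


def sha256_reference_matches(data):
    """Sanity check of the reimplementation against hashlib."""
    return sha256_from_state(IV, data, 0) == hashlib.sha256(data).digest()


def naive_mac(key, msg):
    """The construction under discussion: tag = SHA-256(key || msg)."""
    return hashlib.sha256(key + msg).digest()


def length_extend(tag, key_len, msg, extension):
    """Attacker side. Input: one valid (msg, tag) pair and the key LENGTH only.
    Output: (forged_msg, forged_tag) with forged_tag == SHA-256(key || forged_msg)."""
    glue = md_padding(key_len + len(msg))       # padding the hasher appended to key||msg
    state = list(struct.unpack(">8I", tag))     # the digest IS the chaining state
    forged_msg = msg + glue + extension
    forged_tag = sha256_from_state(state, extension, key_len + len(msg) + len(glue))
    return forged_msg, forged_tag


def forgery_verifies(key, msg, extension):
    """True if a verifier recomputing SHA-256(key || forged_msg) accepts the forged tag."""
    forged_msg, forged_tag = length_extend(naive_mac(key, msg), len(key), msg, extension)
    return hmac.compare_digest(forged_tag, naive_mac(key, forged_msg))


def hmac_forgery_fails(key, msg, extension):
    """Same attack against HMAC-SHA256: the outer hash hides the inner chaining
    state, so the extended digest is not the HMAC of the extended message."""
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    forged_msg, forged_tag = length_extend(tag, len(key), msg, extension)
    real = hmac.new(key, forged_msg, hashlib.sha256).digest()
    return not hmac.compare_digest(forged_tag, real)


if __name__ == "__main__":
    key = b"constructed-secret-key"   # constructed; the attacker never sees it, only len(key)
    msg = b"SET_MODE:ARM=0"           # constructed sample message
    ext = b";ARM=1"
    forged_msg, forged_tag = length_extend(naive_mac(key, msg), len(key), msg, ext)
    print("forged message:", forged_msg)
    print("accepted by a SHA-256(key||msg) verifier:", forgery_verifies(key, msg, ext))
    print("same trick against HMAC-SHA256 fails:", hmac_forgery_fails(key, msg, ext))
```

The forgery works because a Merkle-Damgard digest is simply the internal state after the last block, so anyone holding the digest can keep absorbing blocks as if they knew the key. The unknown key length is not a real obstacle: the attacker can submit one forgery per plausible length until the verifier accepts. HMAC closes the hole by hashing a second time with a key-derived prefix, so the visible tag is never a usable chaining state.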