Re: [xmpp] IQ Handling vulnerabilities

Thijs Alkemade <thijs@xnyhps.nl> Mon, 10 February 2014 19:25 UTC

Return-Path: <thijs@xnyhps.nl>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1993B1A01A8 for <xmpp@ietfa.amsl.com>; Mon, 10 Feb 2014 11:25:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.453
X-Spam-Level:
X-Spam-Status: No, score=-0.453 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RP_MATCHES_RCVD=-0.548] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ro2neIQF8-KN for <xmpp@ietfa.amsl.com>; Mon, 10 Feb 2014 11:25:47 -0800 (PST)
Received: from s.xnyhps.nl (s.xnyhps.nl [46.19.32.61]) by ietfa.amsl.com (Postfix) with ESMTP id 1BCAF1A046A for <xmpp@ietf.org>; Mon, 10 Feb 2014 11:25:47 -0800 (PST)
Received: from [192.168.1.11] (196pc201.sshunet.nl [145.97.201.196]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by s.xnyhps.nl (Postfix) with ESMTPSA id 1472220AEB; Mon, 10 Feb 2014 20:25:39 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xnyhps.nl; s=mail; t=1392060339; bh=DfVu6kJdm34kZJF0yTOFY94zpiKCWPcH7s48fUFfoQg=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=E8lDaweUx1/o4l5MjQVlVrpqp3cm2GO9v/9fO7jTHadiru7SUaMliTHnYn5zTlOrC u/GE2G+kiIDKsCl0QrSJMm/G0htkLCIcngrdAPtzc7QQixZvPwsp9yxr6Vec8zCzJN aWDAFLbJqgNsEOLqIBJtqANORhiHao7pBXC95BjU=
Content-Type: multipart/signed; boundary="Apple-Mail=_FB30FA60-BBE6-4B22-B687-9D9F7AD2D0D1"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Thijs Alkemade <thijs@xnyhps.nl>
In-Reply-To: <CF1E56C5.38F45%jhildebr@cisco.com>
Date: Mon, 10 Feb 2014 20:25:36 +0100
Message-Id: <1078DA63-EB0B-4724-A4DA-BA1B5C4FE4EC@xnyhps.nl>
References: <CAOb_FnxS-dMT85N7LHj5M9JWk3pL85=ugrDqaT7j5d28HBr0Cw@mail.gmail.com> <CF194491.38AD3%jhildebr@cisco.com> <2F5E925F-021D-408E-91D9-3CC5BEB6BEC6@nostrum.com> <48F4D361-4403-47E6-862D-FBDDDEBCC642@xnyhps.nl> <CF1A369C.38BE2%jhildebr@cisco.com> <CAKHUCzyCwKbmnUoXLHW=XzYbiFrcg-dQsDojGUnA-_r3qK+_Vg@mail.gmail.com> <CF1A4928-54B5-4A95-9A4B-0EC572A3CDBD@cisco.com> <CF1E56C5.38F45%jhildebr@cisco.com>
To: "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
X-Mailer: Apple Mail (2.1827)
Cc: Ben Campbell <ben@nostrum.com>, XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] IQ Handling vulnerabilities
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2014 19:25:49 -0000

On 10 feb. 2014, at 18:15, Joe Hildebrand (jhildebr) <jhildebr@cisco.com> wrote:

> On 2/7/14 8:13 AM, "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com> wrote:
> 
>> I have a couple of ludicrous s2s attacks on mind, but more important I
>> think is doing what
>> 
>> Mobile/terse. DYAC.
> 
> Yes, well that was even more terse than normal.  I was going to say
> something about generating less-guessable IDs that don't eat up much
> entropy.  For example:
> 
> start = sha1(crytpo_rand())
> start+1 = sha1(start)
> 
> would probably do nicely.

Uhm. Maybe this email is missing a line again, but if you use those values as
'id's directly, they will not be unpredictable at all, as anyone who receives
an <iq/> can generate the rest of the chain.

However, if you make sure the 'id' values are only half the hashes, it should
be unpredictable unless an attacker is willing to spend an insane amount of
work.

So:

start = sha1(crytpo_rand())
start+1 = sha1(start)
...

id1 = start[0:10]
id2 = start+1[0:10]
…


Thijs