Re: [xmpp] IQ Handling vulnerabilities

Alexander Holler <holler@ahsoftware.de> Tue, 11 February 2014 18:48 UTC

To: Dave Cridland <dave@cridland.net>
Cc: XMPP Working Group <xmpp@ietf.org>

On 11.02.2014 18:59, Alexander Holler wrote:

> To play with that hash of hash, is it possible that the hash of a hash
> is the hash itself? If that ever happens your system will have a
> problem, so how likely is that? And in the proposed solution it's a bit
> more difficult, because only the higher 5 bytes of the 20 bytes long
> hash are used. At least for me, the answer to that isn't obvious.

To become completely off-topic, one could formalize that question as how 
likely it is that

sha1^n(x) = sha1(x) for 2 < n <= 100

(if you need 100 IDs in series to be unique) and furthermore you 
have to look at the upper 5 bytes. I'm not sure if that is what 
cryptographers usually look at when they check hash algorithms. So 
arguing with whatever they found out about sha1 doesn't look obvious to me.

Regards,

Alexander Holler
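
The question raised in this message can be checked empirically and compared with the standard birthday estimate; the following is an added example, not part of the original message or of any proposal in the thread. Assumptions: the "higher 5 bytes" are the first 5 bytes of the digest, the chain feeds either the full digest or only the truncated ID into the next SHA-1 call (`feed_truncated`, a hypothetical switch), and the estimate holds only if SHA-1 output behaves like uniform random data, which is exactly the property the message questions.

```python
import hashlib
from math import expm1

def id_series(seed: bytes, count: int, id_bytes: int = 5,
              feed_truncated: bool = False) -> list:
    """Derive `count` IDs by repeated SHA-1; each ID is the first
    `id_bytes` bytes of the digest (assumed meaning of "higher bytes")."""
    ids, state = [], seed
    for _ in range(count):
        digest = hashlib.sha1(state).digest()
        ids.append(digest[:id_bytes])
        # Assumption: either the full digest or only the ID is hashed next.
        state = digest[:id_bytes] if feed_truncated else digest
    return ids

def first_repeat(ids):
    """Index of the first ID that equals an earlier one, or None."""
    seen = set()
    for i, value in enumerate(ids):
        if value in seen:
            return i
        seen.add(value)
    return None

def repeat_probability(count: int, id_bytes: int) -> float:
    """Birthday estimate 1 - exp(-k(k-1)/2N) for k IDs in a space of
    N = 256**id_bytes, valid only if SHA-1 output behaves as uniform."""
    space = 256 ** id_bytes
    return -expm1(-count * (count - 1) / (2 * space))

if __name__ == "__main__":
    seed = b"constructed-seed"  # constructed sample input
    # Narrow widths make repeats visible; 5 bytes is the width in question.
    for width in (1, 2, 5):
        for feed in (False, True):
            ids = id_series(seed, 100, width, feed)
            print(width, feed, first_repeat(ids),
                  f"{repeat_probability(100, width):.3g}")
```

A run over one seed shows nothing about worst-case inputs; it only illustrates how the repeat risk scales with the truncation width.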