Re: [xmpp] IQ Handling vulnerabilities

Thijs Alkemade <thijs@xnyhps.nl> Mon, 10 February 2014 19:25 UTC

Return-Path: <thijs@xnyhps.nl>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 202511A0433 for <xmpp@ietfa.amsl.com>; Mon, 10 Feb 2014 11:25:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.453
X-Spam-Level:
X-Spam-Status: No, score=-0.453 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RP_MATCHES_RCVD=-0.548] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jmwj7hyDEKKY for <xmpp@ietfa.amsl.com>; Mon, 10 Feb 2014 11:25:47 -0800 (PST)
Received: from s.xnyhps.nl (s.xnyhps.nl [46.19.32.61]) by ietfa.amsl.com (Postfix) with ESMTP id 1B2A01A0450 for <xmpp@ietf.org>; Mon, 10 Feb 2014 11:25:47 -0800 (PST)
Received: from [192.168.1.11] (196pc201.sshunet.nl [145.97.201.196]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by s.xnyhps.nl (Postfix) with ESMTPSA id 5477320BF9; Mon, 10 Feb 2014 20:25:41 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xnyhps.nl; s=mail; t=1392060341; bh=fOCV22n7QMq4raeL1eTbxIMNfL0zY+Bcl/wNbcZPxvA=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=ekhT0eYv3HPIlAzroTO7SMoyBztkPhqWumG6EZVmOfDCxYWnmiQOIWvdn+AB7uGNM 7ZaHd2SB/F5Hmeq48f70OD1Jr8tN1CbbOhnrVN3dP3zpXL/FZ2W3VU6wbktbp01fbv HT1Zim3fM9o/svXIiPuiJgvWiBsSEroIqFrcohCg=
Content-Type: multipart/signed; boundary="Apple-Mail=_60F60CE3-FE59-47E3-A262-69A4BB475C77"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Thijs Alkemade <thijs@xnyhps.nl>
In-Reply-To: <CF1E56C5.38F45%jhildebr@cisco.com>
Date: Mon, 10 Feb 2014 20:25:36 +0100
Message-Id: <B671D7DA-CE9A-4A2C-8EDE-BF94F5F6FE82@xnyhps.nl>
References: <CAOb_FnxS-dMT85N7LHj5M9JWk3pL85=ugrDqaT7j5d28HBr0Cw@mail.gmail.com> <CF194491.38AD3%jhildebr@cisco.com> <2F5E925F-021D-408E-91D9-3CC5BEB6BEC6@nostrum.com> <48F4D361-4403-47E6-862D-FBDDDEBCC642@xnyhps.nl> <CF1A369C.38BE2%jhildebr@cisco.com> <CAKHUCzyCwKbmnUoXLHW=XzYbiFrcg-dQsDojGUnA-_r3qK+_Vg@mail.gmail.com> <CF1A4928-54B5-4A95-9A4B-0EC572A3CDBD@cisco.com> <CF1E56C5.38F45%jhildebr@cisco.com>
To: "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
X-Mailer: Apple Mail (2.1827)
Cc: Ben Campbell <ben@nostrum.com>, XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] IQ Handling vulnerabilities
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2014 19:25:49 -0000

On 10 feb. 2014, at 18:15, Joe Hildebrand (jhildebr) <jhildebr@cisco.com> wrote:

> On 2/7/14 8:13 AM, "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com> wrote:
> 
>> I have a couple of ludicrous s2s attacks on mind, but more important I
>> think is doing what
>> 
>> Mobile/terse. DYAC.
> 
> Yes, well that was even more terse than normal.  I was going to say
> something about generating less-guessable IDs that don't eat up much
> entropy.  For example:
> 
> start = sha1(crytpo_rand())
> start+1 = sha1(start)
> 
> would probably do nicely.

Uhm. Maybe this email is missing a line again, but if you use those values as
'id's directly, they will not be unpredictable at all, as anyone who receives
an <iq/> can generate the rest of the chain.

However, if you make sure the 'id' values are only half the hashes, it should
be unpredictable unless an attacker is willing to spend an insane amount of
work.

So:

start = sha1(crytpo_rand())
start+1 = sha1(start)
...

id1 = start[0:10]
id2 = start+1[0:10]
…


Thijs