Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

Re: Is this a secure way to prevent cookie tampering

by Anonymous Monk
on Jun 29, 2004 at 16:43 UTC ( #370543=note: print w/replies, xml ) Need Help??

in reply to Is this a secure way to prevent cookie tampering

Several people have pointed out that it's better to store an opaque id in the cookie, and they are right. However, the cryptography is also somewhat interesting. Your approach is vulnerable to a bit-flipping attack, which lets someone make certain modifications to the cookie even if they can't decrypt it. This is an inherent problem with CBC mode, and Crypt::CBC makes it easily exploitable.
use Crypt::CBC; my $cbc = Crypt::CBC->new("Blowfish"); my $msg = $cbc->encrypt("foo"); print $cbc->decrypt($msg), "\n"; my $msg2 = $msg ^ (("\0" x 8) . "\4"); print $cbc->decrypt($msg2), "\n"; __OUTPUT__ foo boo
Notice that I XORed the IV embedded in the ciphertext with 4, and that resulted in the decrypted plaintext being XORed with 4 as well. Combine this with Tweaking CRCs and you can undetectably alter the first few bytes of the cookie.

I second the recommendation for proper MACs like Digest::EMAC or Digest::HMAC. You can easily get bitten if you try to cook up your own ad-hoc scheme with CRC.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://370543]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (7)
As of 2020-07-09 20:54 GMT
Find Nodes?
    Voting Booth?

    No recent polls found