OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Issue 137 - Digest Order Rationale

In the Username Token Profile around line 143 insert:

Note that the secret is put at the end of the input and not the front. 
This is because the output of SHA-1 is the function's complete state
at the end of processing an input stream.  If the input stream  happened
to fit neatly into the block size of the hash function, an attacker could
extend the input with additional blocks and generate new/unique hash values
knowing only the hash output for the original stream.   

If the secret is at the end of the stream, then attackers are prevented
from arbitrarily extending it -- since they have to end the
input stream with the password which they don't know.

Similarly, if the nonce/created was put at the end, then an attacker
could update the nonce to be nonce+created, and add a new created time
on the end to generate a new hash.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]