Re: [tinydtls-dev] Secure Random Number Generator ?

Hello,
a cryptographically weak Cookie could possibly enable a Denial Of Service (DOS) attack by this meta-algorithm:

1.) Attacker performs legitimate Hello Handshake; gets cookie CK1 in the process
2.) Because the Cookie is crypto-weak, the attacker can guess the next n Cookies CK[n]=f(CK1,n)
3.) Attacker floods target using CK[2]...CK[1000000]
4.) DOS objective achieved.

Or in other words: If you have Cookies to defend against DOS attacks, the Cookies must be strongly pseudo-random or your entire premise of "DOS defence" breaks down. 

Kind regards

Frank Gerlach

-----Original Message-----
From: tinydtls-dev-bounces@xxxxxxxxxxx [mailto:tinydtls-dev-bounces@xxxxxxxxxxx] On Behalf Of Olaf Bergmann
Sent: Wednesday, May 11, 2016 4:05 PM
To: Raul Fuentes <ra.fuentess.sam+tinyDTLS@xxxxxxxxx>
Cc: tinydtls developer discussions <tinydtls-dev@xxxxxxxxxxx>
Subject: Re: [tinydtls-dev] Secure Random Number Generator ?

Raul Fuentes <ra.fuentess.sam+tinyDTLS@xxxxxxxxx> writes:

>     > Shouldn’t Cookies also be generated by a Crypto-Secure PRNG ?
>     
>     Yes!
>
> AH! 
> So, the current behavior of TinyDTLs when adding the time to the 
> flights is intentional ? I'm going to need to rewrite some parts of my 
> papers :)

Not being a crypto expert, I am not sure how _good_ a crypto required for Cookie generation must be. But my gut feeling is that when you use only one encryption key for all operations, the added salt should use as much entropy as possible.

Grüße
Olaf
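
One way to get the property the message above asks for, as an added example (not from the thread and not tinydtls code): a stateless cookie computed as an HMAC over the client's address and ClientHello bytes under a secret drawn from the OS CSPRNG, the construction RFC 6347 section 4.2.1 suggests. The class and function names, the 16-byte truncation and the sample inputs are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

COOKIE_LEN = 16  # assumed truncation of the HMAC-SHA256 output


class CookieJar:
    """Stateless HelloVerifyRequest cookies keyed by a CSPRNG secret (hypothetical helper)."""

    def __init__(self):
        self.current = secrets.token_bytes(32)  # drawn from the OS CSPRNG
        self.previous = None                     # honoured for one rotation period

    def rotate(self):
        """Install a fresh secret; cookies under the old one stay valid once more."""
        self.previous, self.current = self.current, secrets.token_bytes(32)

    @staticmethod
    def _mac(secret, addr, port, client_hello):
        # Length-prefix every field so different (addr, hello) splits cannot collide.
        fields = (addr.encode(), struct.pack("!H", port), client_hello)
        msg = b"".join(struct.pack("!H", len(f)) + f for f in fields)
        return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def issue(self, addr, port, client_hello):
        return self._mac(self.current, addr, port, client_hello)

    def verify(self, cookie, addr, port, client_hello):
        # Check against both secrets, comparing in constant time.
        ok = False
        for secret in (self.current, self.previous):
            if secret is not None:
                expected = self._mac(secret, addr, port, client_hello)
                ok |= hmac.compare_digest(cookie, expected)
        return ok


def demo():
    # Constructed sample input: documentation addresses and made-up ClientHello bytes.
    jar = CookieJar()
    hello = b"constructed-client-random-and-ciphersuites"
    ck = jar.issue("192.0.2.10", 40000, hello)
    # The cookie verifies only for the address it was issued to.
    return (jar.verify(ck, "192.0.2.10", 40000, hello),
            jar.verify(ck, "198.51.100.7", 40000, hello))
```

Because each cookie depends on a secret the client never sees and on the source address, holding CK1 gives no function f that yields a valid cookie for another address or for a later secret.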