Bugtraq mailing list archives

Re: VNC authentication weakness


From: Mike Porter <mike () UDel Edu>
Date: Tue, 30 Jul 2002 12:25:37 -0400 (EDT)

To be more specific, there are two things you need in a challenge
value:  uniqueness and unpredictability.  Lack of uniqueness allows an
attacker to replay a past response to a future challenge.  Predictability
allows an attacker to pre-fetch a correct future response from one of the
parties.

A counter provides perfect uniqueness (up to its maximum range) but easy
predictability.  A physical random source provides great unpredictability

A counter is acceptable if it and a value from the entropy pool are
run through MD5 or SHA1.  The "seed" or current state of the
entropy pool must of course be kept in a secure fashion and not
revealed.  You must not ever re-issue a challenge, etc.  The
counter must be used properly and not allowed to wrap without some
sort of reseeding operation.  Otherwise, you will violate the
previous condition.

I have hardly covered all the points.  A good paper seems to be:
http://www.counterpane.com/yarrow.html.

Mike
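
The construction described in the message above (a counter and a secret value from the entropy pool run through SHA1, with a reseed before the counter wraps), as an added example that is not part of the original post. The names `ChallengeSource` and `counter_only_challenge`, the 16-byte challenge length, the 32-byte seed, and `os.urandom` standing in for the entropy pool are assumptions.

```python
import hashlib
import os
import struct


class ChallengeSource:
    """Counter + secret pool value hashed together (hypothetical helper)."""

    def __init__(self, counter_bits=32, entropy=os.urandom, length=16):
        self._entropy = entropy          # assumed stand-in for the entropy pool
        self._limit = 1 << counter_bits  # counter range before a reseed is forced
        self._length = length            # assumed challenge size in bytes
        self.reseeds = 0
        self._reseed()

    def _reseed(self):
        # The seed is secret state: never logged, never sent to a peer.
        self._seed = self._entropy(32)
        self._counter = 0
        self.reseeds += 1

    def next_challenge(self):
        # Reseed before the counter can wrap, so (seed, counter) never repeats
        # as long as the entropy source returns fresh bytes.
        if self._counter >= self._limit:
            self._reseed()
        block = self._seed + struct.pack(">Q", self._counter)
        self._counter += 1
        return hashlib.sha1(block).digest()[: self._length]


def counter_only_challenge(counter, length=16):
    """Weak form for comparison: unique, but anyone can compute the next one."""
    return hashlib.sha1(struct.pack(">Q", counter)).digest()[:length]


def demo():
    src = ChallengeSource(counter_bits=4)  # tiny range to exercise the wrap
    issued = [src.next_challenge() for _ in range(40)]
    return len(set(issued)), src.reseeds


if __name__ == "__main__":
    unique, reseeds = demo()
    print(f"40 challenges issued, {unique} distinct, {reseeds} seeds used")
```

SHA1 is used because the message names it; `hashlib.sha256` drops in without other changes.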

