RE: Encrypted cookies

["Brokken, Allen P." <BrokkenA () missouri edu>]

Since the hash vector is username, password, and date it's fairly easy
to do known plaintext+ciphtertext attacks against the cookie to learn
what the actual algorithm is for creating the cookie. Once you've got
that you should be able to do pretty much anything you want to crack the
app itself. 

You mention a long story, so I won't go on about the dangers of
developers rolling their own auth/crypto/session management rather than
using something trusted.  This clearly has layer 8 or 9 issues involved.

An alternate approach might be to offload the authentication/generation
of the cookie to a known good and security tested system like Shibboleth
rather than rolling their own authentication/authorization.  It does
things similarly, but isn't relying on the developer to have figured out
the best way to generate these things and keep them secure.

Another alternative would be to consider basic authentication with SSL.
It's not pretty, and has its own issues, but again isn't dependent on
the end developer rolling all their own auth/crypto.

Allen Brokken, Principal Systems Security Analyst
Information Security and Account Management
Division of Information Technology, University of Missouri
brokkena () missouri edu (573)884-8708


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Ron
Sent: Thursday, January 10, 2008 10:26 AM
To: webappsec () securityfocus com
Subject: Encrypted cookies

Somebody here is developing a Web application that requires user logins,

but that is unable to store session information on the server (don't ask

me why, it's a long story). So here's what they propose: to take the 
username, hash of the password, and date the user logged in, encrypt 
them with a strong encryption algorithm, and store them in a cookie 
(along with a hash to ensure integrity).

My question is, assuming a proper encryption algorithm/eky are chosen, 
can anybody think of a problem that this will create that sessions don't

already have (namely, replay attacks)?

I've thought about this for over a day, and I can't think of any obvious

problems, but I could be missing something.

Thanks!

Ron

------------------------------------------------------------------------
-
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process? Download
this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
------------------------------------------------------------------------
-


-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------