![]() Recreate the attack, with the following steps:Ĭreate a random AES-128 key (which is just a random string of 16 bytes), and choose two arbitrary messages. With these two custom implementation of the one-pass HMAC and CBC-MAC, you can recreate the two well-known length extension forgery attacks.Ĥ Practical work: recreation of known MAC forgery attacks 4.1 CBC-MAC concatenation attackĬBC-MAC is insecure if used with variable length messages. , takes only the last 16 bytes of the resulting CBC encryption, that corresponds to the last 128-bit block of it. Where a zero initializacion value is used, as specified in the definition of CBC-MAC, and the fileĬontains the hexadecimal representation of the binary file $ openssl enc -aes-128-cbc -K `cat hexkey.dat` -iv 0 -in message.dat | tail -c 16 > tag.dat Similarly, you can just use encryption in CBC mode to obtain a CBC-MAC implementation, by just selecting the last ciphertext block as the tag.įor instance, the AES-128-CBC-MAC tag of the file Here, from the binary files containing the key and the message, the computed tag is saved in the file $ cat key.dat message.dat | openssl -dgst -md5 -binary > tag.dat The simplified version of HMAC, that computes the tag of a message m as only the hash of the concatenation of the key and the message itself, can be implemented with a single call to the command line tool: Insecure MAC designs like CBC-MAC for arbitrarily long messages or the naïve “one-pass” HMAC (a simplification of the actual HMAC) are not directly implemented in OpenSSL, but they can be built from the implemented hashes and ciphers. $ echo -n 'Hello world!' | openssl dgst -mac hmac -md5 -macopt hexkey:$mykey The key can be also specified in hexadecimal representation with a syntax similar to the CMAC example: Option, and there is no restriction on its size (because of the flexible specification of the algorithm HMAC). Here, the key is specified, as an ASCII string, in the $ echo -n 'Hello world!' | openssl dgst -hmac "My secret key" The use of HMAC is simpler, because it is the default choice for a MAC algorithm in OpenSSL. Produces binary output, and it is converted to a printable representation with ![]() $ openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$mykey -binary foo.dat | xxd If you want to compute the CMAC of a file (not the standard input), you only need to provide the filename: The length of the key must match the one required by the specified block cipher. Is used to specify the parameters of CMAC, like the block cipher and the key, with the syntax $ echo -n 'Hello world!' | openssl dgst -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$mykey Some well-known message authentication codes, like CMAC or HMAC, are implemented in OpenSSL.įor instance, you can compute the CMAC of a message with the following command: In that case, you will need the corresponding C header files, that can be installed in your computer from the OpenSSL development package, withįor instance, the header file for the MD5 implementation can be accessed in your C program with You can also select other (more secure) hash functions by replacingĪnother way to use hash functions with OpenSSL is directly accessing their implementation in the OpenSSL libraries from your C or C++ programs. Produces a printable hexadecimal output). ) that produces different output formats (e.g., ![]() Is in binary format, and in the example it is processed by $ echo -n 'Hello world!' | openssl dgst -md5 -binary | xxdĬomputes the MD5 value corresponding to the ASCII string “Hello world!”. Will produce a list of all the files in the working directory along with with their corresponding hashes. You can also compute the different hash values for a collection of files. Probably the last one needs the installation of extra packages.Īnother example of use of the previous command isĬorresponding to the MD5 value of the empty file. Similar commands exist for the other common hash functions, like It uses the hash function MD5 (nowadays considered insecure) to compute the digest of the file foo.dat and output the result in a printable (text) format. In a typical Linux installation, the following command line tools compute the hash digest of a file: The most commonly used hash functions are probably implemented in any personal computer. 2 Using Message Authentication Codes in OpenSSLĤ Practical work: recreation of known MAC forgery attacksĤ.2 One-pass HMAC length extension attackĥ Practical work: Building Merkle hash trees 1 Using hash functions in practice
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |