circle-discuss

[circle] Security problem


From: Paul Campbell
Subject: [circle] Security problem
Date: Thu, 30 Sep 2004 15:42:13 -0700
User-agent: Mutt/1.5.6i

I was going through the node code again and noticed a major security problem.

At least by my understanding, it appears that "replay attacks" are essentially
harmless as the DHT code caches previous responses anyways and simply gives
the same response.

However, somewhat more insidious, it appears to be fairly trivial to spoof
messages. Every call includes a nonce to help separate out different RPCs.
The RPCs are numbered SEQUENTIALLY. The counter is in Node.call_no. The
problem is that spoofing becomes fairly easy by simply accessing the raw
packet interface and sticking in the appropriate IP information. What is
needed here is to insert a cryptographically secure (non-guessable) sequence
such as using the output of a Blum-Blum-Shub generator. I could go on with
cryptographic signing, etc., etc., but at least this one trivial attack should
be easy to fix.
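
The predictability issue raised in the message above, as an added example that is not part of the original post and is not Circle's code: a simplified in-memory model comparing a sequential call counter with an unguessable nonce. The `Caller` class, `forged_reply_accepted` and the addresses are hypothetical, and Python's `secrets` module (OS CSPRNG) stands in for the Blum-Blum-Shub generator the post suggests.

```python
import secrets


class Caller:
    """Tracks outstanding RPCs; a reply is accepted only if its nonce is pending."""

    def __init__(self, sequential):
        self.sequential = sequential
        self.call_no = 0    # counter, named after Node.call_no in the post
        self.pending = {}   # nonce -> peer address the call was sent to

    def start_call(self, peer):
        if self.sequential:
            self.call_no += 1            # scheme described in the post
            nonce = self.call_no
        else:
            nonce = secrets.token_bytes(16)   # 128 bits from the OS CSPRNG
        self.pending[nonce] = peer
        return nonce

    def accept_reply(self, claimed_peer, nonce):
        # A datagram's source address can be forged, so the nonce is the only
        # value that ties a reply to the call it claims to answer.
        if self.pending.get(nonce) != claimed_peer:
            return False
        del self.pending[nonce]
        return True


def forged_reply_accepted(caller, observer="198.51.100.7", target="192.0.2.10"):
    """Model a peer that receives one call from the node, then guesses the
    nonce of the node's next call to a different peer (constructed addresses)."""
    seen = caller.start_call(observer)   # nonce learned legitimately
    caller.start_call(target)            # call whose reply is being forged
    if isinstance(seen, int):
        guess = seen + 1                 # sequential: next value is known
    else:
        guess = secrets.token_bytes(len(seen))   # random: nothing to derive
    return caller.accept_reply(target, guess)


if __name__ == "__main__":
    print("sequential counter:", forged_reply_accepted(Caller(sequential=True)))
    print("random nonce:      ", forged_reply_accepted(Caller(sequential=False)))
```

An unguessable nonce only helps against senders who cannot see the traffic; a sender who can read the call sees the nonce too, which is where the signing the post mentions would come in.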



