A crypto library aimed at auditability
Posted Jan 13, 2014 20:33 UTC (Mon) by luto (subscriber, #39314) In reply to: A crypto library aimed at auditability by Cyberax
Parent article: A crypto library aimed at auditability
It can be easily fixed by signing the server's public key hash along with the nonce. That is a layering violation, and it shouldn't be necessary if the underlying layers work as they are designed to.
No, or at least not without great care. If the underlying layer guarantees that the client is talking to who it thinks it is, and the client signs a message saying "I'm XYZ", and the server receives a (validly signed) message saying "I'm XYZ", it does not follow that the client intended that message for the same server that's receiving it.
Remember, the attacker's server can violate the protocol and send a nonce that came from somewhere else, unless the underlying protocol provides some specific mechanism to prevent this, such as session-specific key material.
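The relay that the comment describes, played out in code, as an added example that is not part of the thread or of the library under discussion. It assumes a constructed setup: one honest client "XYZ", an honest server S and an attacker-controlled server M; the "signature" is an HMAC under a per-client secret that the verifying server also knows, a stand-in for a real public-key signature (the relay works the same way for either, since the attacker never needs the client's key); and the "public key hash" of a server is the hash of a fixed label standing in for its real key. With `bind=False` the client signs only "I'm XYZ" plus the nonce, and S accepts a response that XYZ actually produced for its session with M. With `bind=True` the hash of the peer the client believes it is talking to (as the underlying layer reports it) is included in the signed message, so the same response fails at S. Session-specific key material exported from the underlying layer would serve the same purpose as the key hash.

```python
import hashlib
import hmac
import secrets

# Constructed example key: per-client secret shared with the verifier
# (symmetric stand-in for the client's signing key).
CLIENT_KEYS = {"XYZ": secrets.token_bytes(32)}


def pk_hash(server_name: str) -> bytes:
    """Hash of the server's public key as the underlying layer presents it
    (constructed: the hash of a label stands in for a real key)."""
    return hashlib.sha256(b"pubkey-of-" + server_name.encode()).digest()


def sign(client_id: str, msg: bytes) -> bytes:
    """MAC under the client's secret; stand-in for a signature."""
    return hmac.new(CLIENT_KEYS[client_id], msg, hashlib.sha256).digest()


def challenge() -> bytes:
    """Server-side nonce for one authentication attempt."""
    return secrets.token_bytes(16)


def respond(client_id: str, nonce: bytes, peer_pk_hash: bytes, bind: bool) -> dict:
    """Client answers a nonce.  peer_pk_hash is the key hash of the server the
    client *believes* it is talking to, as reported by the authenticated
    underlying layer.  Without binding it is ignored; with binding it is
    signed along with the identity claim and nonce."""
    msg = b"I'm " + client_id.encode() + b"|" + nonce
    if bind:
        msg += b"|" + peer_pk_hash
    return {"id": client_id, "nonce": nonce, "sig": sign(client_id, msg)}


def verify(server_name: str, expected_nonce: bytes, resp: dict, bind: bool) -> bool:
    """Server checks the response against what it expects the client to have
    signed, including its *own* key hash when binding is on."""
    if not hmac.compare_digest(resp["nonce"], expected_nonce):
        return False
    msg = b"I'm " + resp["id"].encode() + b"|" + expected_nonce
    if bind:
        msg += b"|" + pk_hash(server_name)
    return hmac.compare_digest(resp["sig"], sign(resp["id"], msg))


def run_direct(bind: bool) -> bool:
    """Honest run: XYZ talks to S, signs S's nonce, S verifies."""
    nonce = challenge()
    resp = respond("XYZ", nonce, pk_hash("S"), bind)
    return verify("S", nonce, resp, bind)


def run_relay(bind: bool) -> bool:
    """Attack: M opens a session to S as a client and receives S's nonce.
    M violates the protocol by forwarding that nonce to XYZ over XYZ's
    perfectly authenticated session with M.  XYZ signs it believing the
    nonce is M's, M forwards the response to S."""
    nonce_from_s = challenge()
    resp = respond("XYZ", nonce_from_s, pk_hash("M"), bind)  # XYZ thinks peer is M
    return verify("S", nonce_from_s, resp, bind)             # S sees a valid claim


if __name__ == "__main__":
    print("direct, no binding:", run_direct(False))
    print("relay,  no binding:", run_relay(False))   # attack succeeds
    print("direct, binding:   ", run_direct(True))
    print("relay,  binding:   ", run_relay(True))    # attack fails
```

The decisive check is in `verify`: with binding, S substitutes its own key hash into the message it recomputes, so a response XYZ produced while believing its peer was M can never verify at S, whatever M forwards.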