255 again has all data to tamper with the counter; and obviously |
255 again has all data to tamper with the counter; and obviously |
256 we also cannot encrypt the key, lest we can solve a |
256 we also cannot encrypt the key, lest we can solve a |
257 chicken-and-egg problem). So encryption seems to not solve the |
257 chicken-and-egg problem). So encryption seems to not solve the |
258 problem we face with the integrity of our counter. |
258 problem we face with the integrity of our counter. |
259 |
259 |
|
260 Fortunately, \emph{hash function} seem to be more suitable for |
|
261 our purpose. Like encryption, hash functions scrambles data |
|
262 but in such a way that it is easy to calculate the output of a |
|
263 has function from the input. But it is hard (i.e.~practically |
|
264 impossible) to calculate the input from knowing the output. |
|
265 Therefore has functions are often called one-way functions. |
|
266 There are several such hashing function. For example SHA-1 |
|
267 would has the string \pcode{"hello world"} to |
|
268 |
|
269 \begin{center} |
|
270 \pcode{2aae6c35c94fcfb415dbe95f408b9ce91ee846ed} |
|
271 \end{center} |
|
272 |
|
273 \noindent Another handy feature of hash functions is that if |
|
274 the input changes a little bit, the output changes |
|
275 drastically. For example \pcode{"iello world"} produces under |
|
276 SHA-1 the output |
|
277 |
|
278 \begin{center} |
|
279 \pcode{d2b1402d84e8bcef5ae18f828e43e7065b841ff1} |
|
280 \end{center} |
|
281 |
|
282 \noindent That means it is not predictable what the output |
|
283 will be from input that is ``close by''. |
|
284 |
|
285 We can use hashes and store in the cookie the value of the |
|
286 counter together with its hash. We need to store both pieces |
|
287 of data such we can extract both components (below I will just |
|
288 separate them using a \pcode{"-"}). If we now read back the |
|
289 cookie when the client visits our webpage, we can extract the |
|
290 counter, hash it again and compare the result to the stored |
|
291 hash value inside the cookie. If these hashes disagree, then |
|
292 we can deduce that cookie has been tampered with. |
|
293 Unfortunately if they agree, we can still not be entirely sure |
|
294 that not a clever hacker has tampered with the cookie. The |
|
295 reason is that the hacker can see the clear text part of the |
|
296 cookie, say \pcode{3}, and its hash. It does not take much |
|
297 trial and error to find out that we used the SHA-1 hashing |
|
298 functions and then graft a cookie accordingly. This is eased |
|
299 by the fact that for SHA-1 many strings and corresponding |
|
300 hashvalues are precalculated. Type into Google for example the |
|
301 hash value for \pcode{"hello wolrd"} and you will actually |
|
302 pretty quickly find that it was generated by \pcode{"hello |
|
303 wolrd"}. This defeats the purpose of a hashing functions and |
|
304 would not help us for our web-applications. The corresponding |
|
305 attack is called \emph{dictionary attack}\ldots hashes are not |
|
306 reversed by brute force calculations, that is trying out all |
|
307 possible combinations. |
|
308 |
|
309 |
|
310 There is one ingredient missing, which happens to be called |
|
311 \emph{salt}. The salt is a random key, which is added to the |
|
312 counter before the hash is calculated. In our case we need |
|
313 to keep the salt secrete. |
|
314 |
|
315 \begin{figure}[p] |
|
316 \lstinputlisting{../progs/App3.js} |
|
317 \end{figure} |
260 |
318 |
261 |
319 |
262 |
320 |
263 |
321 |
264 Note ....NYT |
322 Note ....NYT |