Security and Cryptography
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationSecurity and Cryptography
Reload this Page

Crypto Protocol Evaluation - Is this algorithm susceptible to a known plaintext attack?

Discuss Is this algorithm susceptible to a known plaintext attack? in the Security and Cryptography forum on Dev Shed.
Is this algorithm susceptible to a known plaintext attack? Security and Cryptography forum discussing issues related to coding, server applications, network protection, data protection, firewalls, ciphers and the like.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Generate data entry and reporting .NET Web apps in minutes, straight from your database. Read our FREE whitepaper “Build Web 2.0 Applications Without Hand-Coding” Download now!
  #1  
Old April 18th, 2008, 12:03 PM
jmossimo jmossimo is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2008
Posts: 2 jmossimo User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 15 m 35 sec
Reputation Power: 0
Crypto Protocol Evaluation - Is this algorithm susceptible to a known plaintext attack?
Suppose we have two parties, A and B.
A sends a nonce, n1, to B.
B sends back a nonce, n2, and an authentication payload (hash), auth.

The authentication payload, auth, is:
pseudo-random-function (128-bit key, n1|n2)

The nonces ofcourse are random for each session.

The pseudo-random-function is a subset of SHA, usually SHA-256.

If the adversary has access to everything but the 128-bit key, is this protocol secure against known plaintext attacks?
Any help would be greatly appreciated.
Reply With Quote
  #2  
Old April 18th, 2008, 05:51 PM
AstroTux AstroTux is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2008
Posts: 115 AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 19 h 52 m 22 sec
Reputation Power: 10
Hi,

Is this a function you're deriving yourself, or a known function?

Is it supposed to be one-way or reversible? Your mentioning of SHA suggests one-way...

Best regards,
AstroTux.
Reply With Quote
  #3  
Old April 18th, 2008, 06:17 PM
jmossimo jmossimo is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Apr 2008
Posts: 2 jmossimo User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 15 m 35 sec
Reputation Power: 0
Hi Astro Tux,

The pseudo-random function is a known function, most likely to be SHA-256. And yes, it will be one-way. I hope this clarifies the problem statement.
Reply With Quote
  #4  
Old April 18th, 2008, 06:58 PM
fishtoprecords's Avatar
fishtoprecords fishtoprecords is offline
Contributing User
Click here for more information.
  
Join Date: Sep 2007
Location: outside Washington DC
Posts: 942 fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level)fishtoprecords User rank is Lieutenant Colonel (40000 - 50000 Reputation Level) 
Time spent in forums: 1 Week 3 Days 13 h 18 m 29 sec
Reputation Power: 419
I'm not seeing any value in the two nonces. You are passing them in the clear, as you say, you assume that Mallet has them. So the strength is just that of the key and your algorithm. The nonce values are just noise.
Reply With Quote
  #5  
Old April 18th, 2008, 07:28 PM
AstroTux AstroTux is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2008
Posts: 115 AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level)AstroTux User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 19 h 52 m 22 sec
Reputation Power: 10
Thanks for the clarification.

I don't quite understand the aim of this though...?

Best regards,
AstroTux.
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationSecurity and Cryptography > Crypto Protocol Evaluation - Is this algorithm susceptible to a known plaintext attack?

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway