My notes when reading
Real-World Cryptography
- Pre-image resistance: Given digest, can not find input
-
Second pre-image resistance: Given input, digest, can not find another
input produce same digest. Small change to input make digest big change.
- Collision resistance: Can not find 2 input produce same digest.
- A send B message with MAC (generate from message and A key).
-
B double check message with MAC (generate from receive message and B
key).
- A and B use same key.
sequenceDiagram
participant alice
participant bob
alice ->> bob: send alice, mac(secret_key_alice, alice)
bob ->> bob: compare mac(secret_key_alice, alice) with mac(secret_key_bob, alice)
-
Prevent forgery: without secret_key, can not generate MAC even if
knowing a lot of alice and mac(secret_key, alice),
- Prevent collisions: keep MAC long enough (256-bit),
-
Replay attacks: send transaction 2 times with perfectly MAC and u know
why -> instead of mac(secret_key, alice), use
counter as mac(secret_key, counter, alice).
-
Verify must be done in constant time: if not, probaly
return error the moment the bytes differ -> attacker recreate byte by
byte by measuring how long -> timing attacks
Constant time comparision:
for i := 0; i < len(x); i++ {
// Use XOR instead of compare x[i] == y[i]
// If x[i] == y[i] -> XOR is 1
// Otherwise XOR is 0
v |= x[i] ^ y[i]
}
// v == 1 means all XOR is 1 means x == y
Use for:
-
Integrity: because MAC ensure no one can tamper with message without
noticing
sequenceDiagram
participant alice
participant bob
alice ->> bob: send username, password
bob -->> alice: return alice|mac(secret_key, alice)
alice ->> bob: send alice|mac(secret_key, alice)
bob -->> alice: return OK
alice ->> bob: send bob|mac(secret_key, alice)
bob -->> alice: return ERROR
HMAC is MAC using hash