Replay attacks vs man in the middle
imranghory at gmail.com
Fri May 20 09:53:35 PDT 2005
On 5/20/05, Brad Fitzpatrick <brad at danga.com> wrote:
> The DSA signature with timestamp is there so consumers who DO care about
> freshness can use the timestamp to make sure a signature was issued only
> in the past $n minutes. And because the signature as a whole was signed
> using a random number, the entire signature itself is a nonce, so the
> consumer site can prevent replay attacks by just not accepting that digest
> ever again.
> That said, am I still missing something?
The problem with that is that the consumer site has to keep a record
of every single digest. The advantage of a nonce is that it fixes the
problem while not requiring a database to store all of the digests and
hence makes it significantly cheaper to implement securely.
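
Added example, not part of the original messages: a consumer-side check combining the two mechanisms discussed in this thread, the timestamp freshness window and the record of already-accepted digests. The class and parameter names, the 300-second window, the clock-skew allowance and the use of SHA-256 over the signature bytes as the stored digest are assumptions of this example, and the DSA signature is assumed to have been verified before the check runs.

```python
import hashlib
import time
from collections import OrderedDict


class ReplayGuard:
    """Consumer-side record of signature digests that were already accepted."""

    def __init__(self, max_age=300, skew=30, clock=time.time):
        self.max_age = max_age      # assumed freshness window in seconds
        self.skew = skew            # assumed tolerated clock skew in seconds
        self.clock = clock          # injectable so the logic can be tested
        self.seen = OrderedDict()   # digest -> expiry, oldest entry first

    def _evict(self, now):
        # A digest can be forgotten once its timestamp can no longer pass
        # the freshness check; the window then rejects it on its own.
        while self.seen:
            digest, expiry = next(iter(self.seen.items()))
            if expiry >= now:
                break
            del self.seen[digest]

    def check(self, signature: bytes, issued_at: float) -> str:
        """Return 'accepted', 'replay', 'stale' or 'future'."""
        now = self.clock()
        self._evict(now)
        if issued_at > now + self.skew:
            return "future"
        if now - issued_at > self.max_age:
            return "stale"
        digest = hashlib.sha256(signature).hexdigest()
        if digest in self.seen:
            return "replay"
        # Expiry is an upper bound on issued_at + max_age, and it grows with
        # each insertion, so the oldest entry is always the first to expire.
        self.seen[digest] = now + self.max_age + self.skew
        return "accepted"
```

The stored set grows with the number of signatures accepted inside one window, so its size depends on the window length and the request rate.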