Replay attacks vs man in the middle
imranghory at gmail.com
Fri May 20 05:32:50 PDT 2005
On 5/20/05, Sam Ruby <rubys at intertwingly.net> wrote:
> Having a server issue a something unique to include in the data to be
> signed addresses replay attacks. As long as it is extremely unlikely
> that the server will issue the same data again, the knowledge that the
> listener gains is effectively useless. This design could be improved by
> having the server issue the openid.timestamp, and verify that the
> timestamp returned was the one that the server initially provided.
I was about to post a message saying essentially the same thing,
however using the timestamp id is a bad idea as an attacker could just
launch a simultaneous attack and succeed. It is convention in
cryptographic protocols to use a nonce in such situation, essentially
a random number which is uninfluencable by external factors. That way
you reduce the chance of attack significantly more.
Also I believe the reason for including timestamp is to ensure
freshness but there doesn't seem to be anything in the protocol which
actually verified the date/time is recent ?
More information about the yadis