Replay attacks vs man in the middle

Imran Ghory imranghory at
Fri May 20 05:32:50 PDT 2005

On 5/20/05, Sam Ruby <rubys at> wrote:

> Having a server issue a something unique to include in the data to be
> signed addresses replay attacks.  As long as it is extremely unlikely
> that the server will issue the same data again, the knowledge that the
> listener gains is effectively useless.  This design could be improved by
> having the server issue the openid.timestamp, and verify that the
> timestamp returned was the one that the server initially provided.

I was about to post a message saying essentially the same thing,
however using the timestamp id is a bad idea as an attacker could just
launch a simultaneous attack and succeed. It is convention in
cryptographic protocols to use a nonce in such situation, essentially
a random number which is uninfluencable by external factors. That way
you reduce the chance of attack significantly more.

Also I believe the reason for including timestamp is to ensure
freshness but there doesn't seem to be anything in the protocol which
actually verified the date/time is recent ?


More information about the yadis mailing list