[cryptography] Reflection Attacks in Challenge/Response Protocols

Natanael natanael.l at gmail.com
Sat Aug 24 10:08:22 EDT 2013

The client and the server shouldn't both generate responses exactly the
same way with the same key, no. If you use HMAC, I think including a simple
identifier would be good enough.  Something like this: HMAC(key, device ID
+ counter + timestamp), where the server and client has different IDs.
Den 24 aug 2013 09:32 skrev "Jeffrey Walton" <noloader at gmail.com>:

> Hi All,
> When a symmetric key based challenge response is used, an attacker can
> perform a reflection attack by starting a second instance of a
> protocol and having the server answer its own questions.
> To guard against the attack, is it sufficient to ensure all challenges
> sent from server to client are equal to 1 mod 2; and all client to
> server challenges are equal to 0 mod 2? Is it enough to break the
> symmetry?
> Jeff
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130824/f8f853ff/attachment-0001.html>

More information about the cryptography mailing list