
Why Cryptography is Easy to get Wrong!

October 1, 2009

I have often read that cryptography and especially cryptographic protocols are easy to get wrong. That is why it is never recommended that you implement your own cryptographic protocols or algorithms. I always just took this at face value until I was sitting in class the other day and we were talking about EKE. Look at the EKE diagram taken from here:


Where could an implementer of this protocol mess up? The first thing I noticed is a huge problem depending on the mode of operation chosen. Let’s say we are using AES-ECB. If C1 and C2 are each 128 bits long (the block size of AES), can you see how things would get messed up? More specifically, an intruder could impersonate Bob. To impersonate Bob, simply send random numbers in msg2, and then, for msg4, return the 128-bit block from msg3 that corresponds to the encrypted version of C2.
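The block reuse described above, with a keyed confirmation that rejects it, as an added example that is not part of the original post. Assumptions: msg3 is K{C1, C2} and msg4 is K{C2} (the diagram is not reproduced here), a toy Feistel cipher stands in for AES so the code needs only the standard library, and the HMAC confirmation is one possible fix, not something the post or EKE specifies.

```python
import hashlib, hmac, secrets

BLOCK = 16  # 128-bit block, the AES block size the post assumes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def enc_block(key, blk):
    # Toy 4-round Feistel cipher standing in for AES (assumption: stdlib only).
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def ecb(block_fn, key, data):
    # ECB: every block is processed independently, with no IV and no chaining.
    return b"".join(block_fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def alice_msg3(k, c1, c2):
    return ecb(enc_block, k, c1 + c2)          # assumed layout: msg3 = K{C1, C2}

def alice_accepts_ecb(k, c2, msg4):
    return ecb(dec_block, k, msg4) == c2       # assumed layout: msg4 = K{C2}

def reflected_msg4(msg3):
    # No key needed: under ECB the second block of msg3 already is K{C2}.
    return msg3[BLOCK:2 * BLOCK]

def bob_confirm(k, c2):
    # Hardened msg4 (assumption): a MAC bound to message number and direction.
    return hmac.new(k, b"msg4|bob->alice|" + c2, hashlib.sha256).digest()

def alice_accepts_mac(k, c2, msg4):
    return hmac.compare_digest(bob_confirm(k, c2), msg4)

def demo():
    k = secrets.token_bytes(16)                 # session key K; only Alice holds it here
    c1, c2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)  # constructed challenges
    forged = reflected_msg4(alice_msg3(k, c1, c2))
    return alice_accepts_ecb(k, c2, forged), alice_accepts_mac(k, c2, forged)
```

`demo()` returns `(True, False)`: Alice's ECB check accepts the reflected block even though its sender never held K, while the direction-bound MAC check rejects it.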

Some might be thinking, “But who ever uses ECB?” Well, I’m sure there are plenty of developers out there who have no idea what ECB even is and who would use it. Furthermore, since CBC, CFB, OFB, and CTR modes all require either an IV or a nonce, which this protocol description doesn’t specify, they might assume ECB was the intended mode since no IV is required. Even if the developer chose another mode, without knowing what IV/nonce to use, they might decide to just use a static IV that is the same on both the client and server ends, which would result in even more problems (easily impersonating Alice without knowing W).

The point is, there are so many little ways to mess up that have huge consequences. A few examples of this: WEP, SSL v2, and many more.
