Bug 8584 - CVE-2011-3414 not fixed
Summary: CVE-2011-3414 not fixed
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Web (show other bugs)
Version: master
Hardware: PC Linux
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-11-24 13:01 UTC by Julian Taylor
Modified: 2012-11-24 13:17 UTC (History)
1 user (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description Julian Taylor 2012-11-24 13:01:48 UTC
hello,
I think CVE-2011-3414 is not really fixed in mono, the "secure" hash still allows to trivially create infinite collisions.
You attempted to fix it in this commit:
https://github.com/mono/mono/commit/2ab1a051058fee5ea3aec2e071fba7000b693488

the algorithm looks like DJB31A were collisions can be created from any string with bytes x and y by changing them to x - 1 and y + 31
(to get infinite number of collisions you need to adapt that for integer overflows)

this method is completely independent of the seed.

note that python made a similar mistake in their fix, see http://bugs.python.org/issue14621
a proposed solution is to use siphash
Comment 1 Julian Taylor 2012-11-24 13:17:28 UTC
the seed does determine when the overflow occurs, which you need to know it to create more collisions
but as with this algorithm the integers overflows after 6-15 iterations you can very likely just guess this from the response times of the server in very few tries.

Note You need to log in before you can comment on or make changes to this bug.