Joseph Howard
Asd123 ((BETTER))

Consider a bank with a message format "username;command". If you wanted to make a one-time transfer to me, the command the system produced for you would look like this: "Dave;Transfer $10 to ZeroOne". Now, anyone could produce messages like that and seriously mess up that bank! OK, so add a password? "Dave;asd123;Transfer $100 to ZeroOne". A little better, but if anyone intercepted that message, or spied your username and password, it's no better than before. The command could also be changed from "Transfer $10 to ZeroOne" to "Transfer $1000 to ZeroOne" and nobody would notice until after I would've spent that extra money already. ;)

A MAC would protect the authenticity (it was sent by Dave) and the integrity (it wasn't changed on its way) of the message. Let's change the protocol to "username;command;MAC". You see I've removed the password -- it's now actually a part of the MAC. The MAC could be formed by calculating a hash over all the fields of the message and the password. So for the sake of simplicity let's take an MD5 hash (don't use it in real life, it's not considered cryptographically secure anymore!). You would calculate a hash of the string "Dave;Transfer $10 to ZeroOne;asd123" and end up with "ce55ff1f69399f2f09adaee03d51e3cb". To the wire, you'd send the message "Dave;Transfer $10 to ZeroOne;ce55ff1f69399f2f09adaee03d51e3cb"! Now, I don't have the computing resources to reverse an MD5 hash to figure out that the secret is "asd123", so I cannot tamper with the message.

The server receiving the message, however, has a trivial task of looking up that Dave's secret is "asd123", calculating the expected hash, and noticing that it matches the received hash, so the message must have been sent by Dave and it must not have been altered after Dave "signed" it. (Notice again that the password should be much longer than "asd123", say, 20 characters or more.)
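The "username;command;MAC" protocol from the post, as an added worked example (not code from the original post or from any real bank system). It builds and verifies messages both with the post's simplified construction, an MD5 hash over the fields plus the shared secret, and with the construction a practitioner would actually deploy, HMAC-SHA256 with a constant-time comparison. The secret table, the user "Dave", the secret "asd123" and the transfer commands are constructed sample values taken from the post's narrative; the function names are my own.

```python
import hashlib
import hmac

# Constructed secret store: in the post, the server "looks up that Dave's
# secret is asd123". Real secrets should be long, random and stored safely.
SECRETS = {"Dave": "asd123"}


def _split_wire(wire):
    """Split 'username;command;MAC' into its three fields.

    The command itself may contain text like 'Transfer $10 to ZeroOne', so
    split once from the left (username) and once from the right (MAC).
    """
    username, rest = wire.split(";", 1)
    command, tag = rest.rsplit(";", 1)
    return username, command, tag


# --- The post's simplified scheme: MD5 over "username;command;secret" -------

def naive_tag(username, command, secret):
    """MD5 of all message fields plus the secret, as described in the post."""
    return hashlib.md5(f"{username};{command};{secret}".encode()).hexdigest()


def build_naive(username, command):
    """Produce the wire message 'username;command;MAC' for a known user."""
    return f"{username};{command};{naive_tag(username, command, SECRETS[username])}"


def verify_naive(wire):
    """Server side: recompute the tag from the stored secret and compare."""
    username, command, tag = _split_wire(wire)
    secret = SECRETS.get(username)
    if secret is None:           # unknown sender: nothing to verify against
        return False
    expected = naive_tag(username, command, secret)
    return hmac.compare_digest(expected, tag)


# --- The hardened form: HMAC-SHA256 keyed with the secret -------------------

def hmac_tag(username, command, secret):
    """HMAC-SHA256 over 'username;command', keyed with the user's secret.

    HMAC is the standard keyed construction; unlike a plain hash over
    secret-and-message it has a proof of security as a MAC.
    """
    msg = f"{username};{command}".encode()
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def build_hmac(username, command):
    return f"{username};{command};{hmac_tag(username, command, SECRETS[username])}"


def verify_hmac(wire):
    username, command, tag = _split_wire(wire)
    secret = SECRETS.get(username)
    if secret is None:
        return False
    expected = hmac_tag(username, command, secret)
    # Constant-time comparison: a plain '==' leaks how many leading
    # characters matched through timing differences.
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    wire = build_naive("Dave", "Transfer $10 to ZeroOne")
    print("naive wire   :", wire)
    print("naive verify :", verify_naive(wire))
    # The tampering from the post: the amount is changed in transit but the
    # MAC is not, so the server's recomputed tag no longer matches.
    tampered = wire.replace("$10", "$1000")
    print("tampered     :", verify_naive(tampered))

    wire2 = build_hmac("Dave", "Transfer $10 to ZeroOne")
    print("hmac wire    :", wire2)
    print("hmac verify  :", verify_hmac(wire2))
    print("hmac tampered:", verify_hmac(wire2.replace("$10", "$1000")))
```

Running the block shows the behaviour the post describes: the untouched message verifies, the "$1000" edit fails verification under both schemes, and a message from a username the server has no secret for is rejected outright. The naive MD5 variant is kept only to mirror the post's explanation; `hmac_tag` is the one to build on.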
