[erlang-questions] Erlang cookies are secure

Per Hedeland per@REDACTED
Sun Jun 12 14:58:19 CEST 2016


Mike Oxford <moxford@REDACTED> wrote:
>I've not looked into the Erlang use of the key, I'm only commenting on
>the use of MD5 sums ...
>
>MD5 effectively "normalizes" the input to a discrete output space, by
>design, as the output length/set is finite.

Yes, this is obviously true of all digest algorithms.

>If MD5 is weak to hash-collisions (which it is, relatively) then I don't
>need to spray the cluster with a single discrete value to get the command
>accepted - the range of possibilities goes from "1" to "N" where "N" is the
>discrete (but yet unknown) set of values which produce the collision.
>
>You may have used a super high-tech and secure 2048-bit key but if it just
>happens to collide with "password" then it'll be found relatively quickly.
>
>Again, haven't looked at Erlang code to see how it's actually used in the
>context of this discussion.

OK, but even from just following the discussion, it should be clear that
the authentication isn't done by sending the MD5 of only the cookie,
which your reasoning seems to assume - this would be completely
pointless, as it would be basically equivalent to sending the cookie
itself from a security perspective.

Google "digest authentication" to find examples of the general
principle.

--Per



More information about the erlang-questions mailing list