<div dir="ltr"><div class="gmail_default">I've not looked into the Erlang use of the key, I'm only commenting on the use of MD5 sums ...</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">MD5 effectively "normalizes" the input to a discrete output space, by design, as the output length/set is finite.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">If MD5 is weak to hash-collisions (which it is, relatively) then I don't need to spray the cluster with a single discrete value to get the command accepted - the range of possibilities goes from "1" to "N" where "N" is the discrete (but yet unknown) set of values which produce the collision.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">You may have used a super high-tech and secure 2048-bit key but if it just happens to collide with "password" then it'll be found relatively quickly.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Again, haven't looked at Erlang code to see how it's actually used in the context of this discussion.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">-mox</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jun 11, 2016 at 2:54 PM, Per Hedeland <span dir="ltr"><<a href="mailto:per@hedeland.org" target="_blank">per@hedeland.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Ulf Wiger <<a href="mailto:ulf.wiger@gmail.com">ulf.wiger@gmail.com</a>> wrote:<br>
><br>
>We should be able to agree that:<br>
><br>
>- the cookie strategy and challenge aren’t necessarily broken in principle<br>
>- the MD5 hash is a weakness which could be addressed<br>
>- using TCP opens up for eavesdropping and MITM attacks<br>
>- the biggest weakness is the (human) practice of using hard-coded simple cookies for convenience<br>
>- little (albeit some) support exists for applying a more sophisticated cookie management strategy<br>
>- The simplest advice to heed is “don’t expose your dist ports to strangers"<br>
<br>
I can agree to all of that, except that I'm not sure that the "weakness"<br>
of MD5, which pertains to its ability to produce a digest of a cleartext<br>
that can't be reproduced by applying it to a different cleartext, even<br>
when the original cleartext is known (i.e. the case of using a digest +<br>
signature to ensure integrity), is significant in this particular<br>
context. And unfortunately that's the only one of your points that<br>
addresses the security of the cookie authentication mechanism as such...<br>
<div class=""><div class="h5"><br>
--Per<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</div></div></blockquote></div><br></div></div>