[OWASP 2021] - Add new A2 - Cryptographic Failures #530
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
October 29, 2021 02:15
|
This pull request introduces 7 alerts when merging 65ec17d into 725db1c - view on LGTM.com new alerts:
|
|
This pull request introduces 7 alerts when merging b945a83 into 7b00ccd - view on LGTM.com new alerts:
|
henriporto
reviewed
Nov 20, 2022
| <img src="images/attack1.png"/> | ||
| </p> | ||
|
|
||
| As both files have the same 33 first bits, this can be some sort of signature that is reusing nonces. Since people that make video games like a lot of DSA based schemes (ref. PlayStation 3), then we can try a nonce reuse exploit with this signature scheme. |
henriporto
reviewed
Nov 20, 2022
|
|
||
| ## PR solutions | ||
|
|
||
| [Spoiler alert 🚨 ] To understand how this vulnerability can be mitigated, check out [these pull requests]! |
There was a problem hiding this comment.
[Spoiler alert 🚨 ] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22mitigation+solution+%F0%9F%94%92%22+label%3A%22Nginpex+Legends%22)!
henriporto
reviewed
Nov 20, 2022
|
|
||
| As both files have the same 33 first bits, this can be some sort of signature that is reusing nonces. Since people that make video games like a lot of DSA based schemes (ref. PlayStation 3), then we can try a nonce reuse exploit with this signature scheme. | ||
|
|
||
| On file `exploit.py` we can see a full exploit to this failure. The explanation is that if we reuse a nonce `k` with the same private key, we will produce, for two messages `z1` and `z2` two signatures `sig(z1) = (r, s1)` and `sig(z2) = (r, s2)` and then we can do some math tricks to recover the secret from the private key. Where n is the order of the elliptic curve: |
There was a problem hiding this comment.
It might be interesting to add some link that explains ECDSA. This way we will make it clear what is necessary to know for this exercise and nobody will get lost.
ex: https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New Vulnerable Application
Created a new vulnerable application for the secDevLabs.
The vulnerability in the application is based on the OWASP Top 10 2021 - A2 Cryptographic Failures. Examples for performing vulnerability testing are in PR's README.md.
Issue
#525