I am using the following code to generate an encrypted token:

var ticket = new System.Web.Security.FormsAuthenticationTicket(
    2, 
    "", 
    DateTime.Now, 
    DateTime.Now.AddMinutes(10), 
    false, 
    "user id here");
var cipherText = System.Web.Security.FormsAuthentication.Encrypt(ticket);

This code uses the key and algorithm specified in app/web.config:

<system.web>
    <machineKey validationKey="SOME KEY" 
                decryptionKey="SOME OTHER KEY" 
                validation="SHA1" />
</system.web>

Now suppose I give the cipher text thus generated to a partner. Is he capable of brute forcing:

  1. The value that is stored in the cipher (the user id which does not represent sensitive information and it doesn't bother me much)
  2. The value of the validationKey and decryptionKey used to create the cipher (this would be catastrophic because he would be capable of generating tokens and impersonating any user)

I suppose the answer to both questions is yes, but how realistic are his chances, and do you think giving him the cipher would represent a security threat to my system? Thanks in advance for your responses.

+4  A: 

What you describe here is a known-plaintext attack. The attacker learns both plaintexts and the corresponding ciphertexts, and his goal is to find the keys. Modern ciphers are designed to be secure against this kind of attack.

In fact, any modern cipher is designed to be secure against even stronger attacks, such as chosen-plaintext attacks and chosen-ciphertext attacks. Even if the attacker is allowed to choose plaintext and corresponding ciphertext, or choose any number of ciphertexts and learn their decryptions, he/she should still not be able to learn the key.

This makes designing a new cipher very hard. But fortunately, we already have good ciphers such as AES.

I should also add that all the attacks above assume that the attacker knows all the details of the cipher that is used. The only thing he does not know is the key that is used. This is known as Kerckhoffs's principle.

Accipitridae
@Accipitridae, thanks for this informative answer.
Darin Dimitrov
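
To put a number on the "how realistic" part of the question, here is an added example (not code from the question or the answer, and written in Python rather than C#) showing that a known message/tag pair only lets someone test key guesses one at a time, so the cost is set by key length alone. The HMAC-SHA1 tag is a simplified stand-in for the ticket's validation step, and the 2-byte toy key, sample message and guess rate are constructed assumptions.

```python
import hashlib
import hmac

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 over the message (simplified model of ticket validation)."""
    return hmac.new(key, message, hashlib.sha1).digest()


def brute_force_key(message: bytes, expected_tag: bytes, key_bytes: int):
    """Exhaustive search: the known pair is only an oracle for testing guesses.

    Returns (key, guesses_made), or (None, keyspace_size) if nothing matched.
    """
    keyspace = 1 << (8 * key_bytes)
    for candidate in range(keyspace):
        key = candidate.to_bytes(key_bytes, "big")
        if hmac.compare_digest(tag(key, message), expected_tag):
            return key, candidate + 1
    return None, keyspace


def years_to_search(key_bits: int, guesses_per_second: float) -> float:
    """Expected years to find a random key (half the keyspace on average)."""
    return (2 ** (key_bits - 1)) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample: a deliberately tiny 16-bit key, so the search finishes.
    toy_key = bytes.fromhex("3a7c")
    message = b"constructed-ticket:user-42"
    known_tag = tag(toy_key, message)

    found, guesses = brute_force_key(message, known_tag, key_bytes=2)
    print(f"16-bit toy key recovered after {guesses} guesses: {found.hex()}")

    # Assumed rate of 10^12 guesses per second, far beyond a single machine.
    for bits in (16, 64, 128, 256):
        print(f"{bits:3d}-bit key: {years_to_search(bits, 1e12):.3e} years")
```

The toy key falls immediately, while the same search against a randomly generated 128-bit key at the assumed rate takes on the order of 10^18 years; this only holds if the configured keys are actually random and not a short or guessable string.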