ietf-822

Re: a header authentication scheme

2004-10-22 04:29:08

Laird Breyer writes:
> On Oct 21 2004, Arnt Gulbrandsen wrote:
> > I guess I wasn't clear. Sorry. Let me try again.
> >
> > 1. Quoting the time isn't good. If I'm allowed 150 tries and can bounce some mail off your server to read the bounce messages, I can guess when you'll process a message.
>
> Ah, I think I understand your point. You could use 150 bounces as tracers, to compute an estimate of the processing time: e.g. send a test message designed to bounce, containing the time that the SMTP transaction was initiated, and later read back the timestamp which was added. Then do a regression line estimate. Something like that could probably work, although a proof of concept would be nice.

Give me an address and I can try.

Step 1. I'd send five messages to nosuchuser(_at_)do(_dot_)ma(_dot_)in and wait for the bounces. For each of them, I'd compute the delay from my sending time (using my clock) to the receiving MTA's receive time. Next, I'd average the five values.

Step 2. I'd send the target a hundred messages or so, with a hundred guesses centered around the average computed in step 1.

Assuming that 80% of mail from me to the target are delivered within the range [t-50,t+50> seconds, I'd have an 80% chance of success.

A more sophisticated attack would use more initial probes and vary the number of guesses based on the spread of the probed delays.

Should I bother to do it, or is the description persuasive? ;)

> In another post, I mentioned possibly extending the RFC 2822 date-time stamp to include microseconds. Would that be sufficient protection against such a timing attack, or would Moore's law render this useless over time?

Microseconds would help, since it's harder for the attacker to cover the likely correct answers. But it only provides three digits. If the ID is used, the recipient can add unguessable entropy to taste, without requiring RFC 2822 changes.

> > 2. Quoting the "with" ID may provide protection, depending on whether the ID is guessable.
>
> Yes. From the RFC, this is optional. Do you know any good reasons why the ID might not be added to a Received line sometimes?

I don't know any good reason. If it matters, MTA authors quickly add one.

Arnt
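The thread argues that a Received timestamp is a poor secret because its value is confined to a window the sender can estimate, and that finer resolution or an unguessable ID widens the space an attacker must cover. The following added example (not code from the thread or from either author) puts numbers on that risk model for a defender: it takes constructed probe and delivery delays, builds the ±50 s guess window of step 2, and compares how far a fixed guess budget goes against a one-second stamp, a microsecond stamp, and a random `with` ID. The delay values, the 128-bit ID size and the `budget` parameter are assumptions.

```python
"""Risk model for a Received-header secret derived from a timestamp.

Added example, not part of the ietf-822 thread. All delays below are
constructed sample values, not measurements of any real MTA.
"""
import math
import statistics

# Constructed probe delays in seconds (step 1 in the thread): the sender
# bounces a few messages and measures send-to-Received delay. Mean is 12.0 s.
PROBE_DELAYS = [11.0, 13.0, 9.0, 14.0, 13.0]

# Constructed true delays of ten later deliveries. Eight fall within ±50 s of
# the probe mean; two are outliers (e.g. greylisting or queue backlog).
DELIVERY_DELAYS = [10.2, 70.5, 12.0, 30.5, 8.7, 44.1, 15.3, 0.9, 300.0, 20.8]


def guess_window(probe_delays, half_width=50.0):
    """Return (lo, hi) in seconds: the guess range centred on the probe mean (step 2)."""
    centre = statistics.fmean(probe_delays)
    return centre - half_width, centre + half_width


def guesses_needed(window, slots_per_second):
    """Number of distinct timestamp values inside the window.

    slots_per_second=1 models an RFC 2822 date-time (whole seconds);
    slots_per_second=10**6 models the microsecond extension discussed in the thread.
    """
    lo, hi = window
    return math.ceil((hi - lo) * slots_per_second)


def hit_rate(delivery_delays, window):
    """Fraction of deliveries whose true delay lies inside the guessed window.

    With a one-second stamp and one guess per second, this is the attacker's
    success probability (the thread's 80% figure).
    """
    lo, hi = window
    hits = sum(1 for d in delivery_delays if lo <= d < hi)
    return hits / len(delivery_delays)


def success_probability(delivery_delays, window, slots_per_second, budget):
    """Probability that `budget` guesses spread over the window include the true stamp.

    Guesses beyond the window's slot count are wasted; fewer guesses than slots
    only cover a proportional fraction of the window.
    """
    slots = guesses_needed(window, slots_per_second)
    covered = min(1.0, budget / slots)
    return hit_rate(delivery_delays, window) * covered


def id_guess_probability(id_bits, budget):
    """Same guess budget against an unguessable `with` ID of id_bits random bits.

    No delay estimate helps here: every value is equally likely.
    """
    return budget / 2 ** id_bits


if __name__ == "__main__":
    window = guess_window(PROBE_DELAYS)
    budget = 100  # assumed attacker budget, matching "a hundred messages or so"
    print("guess window (s):", window)
    print("1 s stamp  :", success_probability(DELIVERY_DELAYS, window, 1, budget))
    print("1 us stamp :", success_probability(DELIVERY_DELAYS, window, 10**6, budget))
    print("128-bit ID :", id_guess_probability(128, budget))
```

With the constructed inputs the one-second stamp gives the attacker 0.8 per hundred messages, the microsecond stamp drops that to 8e-7 because the same window now holds 1e8 slots, and the random ID is independent of timing altogether. The model is deliberately simple: it assumes uniform guessing inside the window and ignores that a microsecond stamp might itself be partly predictable from clock behaviour, which is the "three digits" reservation raised in the reply.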