spf-discuss

Re: case folding and brute force attack!

2004-03-19 17:30:55
On Fri, 19 Mar 2004, David Woodhouse wrote:

> On Fri, 2004-03-19 at 17:51 -0500, Stuart D. Gathman wrote:
> > What is the algorithm?  I am using a Python translation of MAIL::SRS 0.30.
> > I thought I saw some code in there to handle case folding, but I
> > don't see how to use it.
>
> More specifically... on generation of an SRS address we force the text
> being hashed to lowercase before hashing -- but include it in the
> original case in the SRS address. We do likewise on receipt of a
> potential SRS address. We also accept [Ss][Rr][Ss] at the beginning of a
> received SRS address, and force the hash extracted from the received
> address to lowercase before comparing it with the hash computed from the
> remainder of the received address.

It turns out pysrs does this too.  The SRS signed user was in fact invalid!  I
checked that case folding a valid SRS signed address does in fact reverse
correctly.  (And added this to unit tests.)

More interesting, I am getting a pile of attempted bounces to lowercase SRS
signed users - each with a different combination in the hash.  Someone is
repeating a timestamp, and trying lots of combinations of hashes to try and
find a good one - and counting on the case folding to reduce combinations I
guess.  I am using hashlength=8, so I don't think this will be very successful
other than annoying my milter.  The attempts are from AOL and YAHOO.
The hash values seem to be random, rather than sequential.  I am getting
them on all of the mail servers and domains I manage.

I guess this means spammers are taking notice of SRS, and seem to be
planning on a brute force attack.

Suggestion: the attack is able to reuse the timestamp code to attack
multiple SRS-protected sites.  Perhaps the timestamp should have a
site-specific offset - perhaps based on the secret.

-- 
                        Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
      Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
      "Very few of our customers are going to have a pure Unix
      or pure Windows environment." - Dennis Oldroyd, Microsoft Corporation