[OWASP 2021] - Add new A2 - Cryptographic Failures #530
Conversation
This pull request introduces 7 alerts when merging 65ec17d into 725db1c - view on LGTM.com new alerts:
This pull request introduces 7 alerts when merging b945a83 into 7b00ccd - view on LGTM.com new alerts:
<img src="images/attack1.png"/>
</p>

As both files have the same 33 first bits, this can be some sort of signature that is reusing nonces. Since people that make video games like a lot of DSA based schemes (ref. PlayStation 3), then we can try a nonce reuse exploit with this signature scheme.
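Review bot: "same 33 first bits" looks like a unit slip; what the two files share is the encoded r component of the signature, which spans whole bytes, so this should read "33 first bytes". The sentence would also carry more weight if it said why a shared prefix is the tell: r depends only on the nonce k, so two signatures with the same r were produced with the same k, which is exactly the condition the next section builds on.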
same 33 first bytes
## PR solutions

[Spoiler alert 🚨 ] To understand how this vulnerability can be mitigated, check out [these pull requests]!
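Review bot: the link in `[these pull requests]` has no target, so it renders as literal bracketed text and the mitigation PRs are unreachable from the README. Give it the query URL for the mitigation label, e.g. `[these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22mitigation+solution+%F0%9F%94%92%22+label%3A%22Nginpex+Legends%22)`.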
[Spoiler alert 🚨 ] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22mitigation+solution+%F0%9F%94%92%22+label%3A%22Nginpex+Legends%22)!
As both files have the same 33 first bits, this can be some sort of signature that is reusing nonces. Since people that make video games like a lot of DSA based schemes (ref. PlayStation 3), then we can try a nonce reuse exploit with this signature scheme.

On file `exploit.py` we can see a full exploit to this failure. The explanation is that if we reuse a nonce `k` with the same private key, we will produce, for two messages `z1` and `z2` two signatures `sig(z1) = (r, s1)` and `sig(z2) = (r, s2)` and then we can do some math tricks to recover the secret from the private key. Where n is the order of the elliptic curve:
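Review bot: "recover the secret from the private key" is confused, since the private key is the secret being recovered; write "recover the nonce `k` and then the private key". The paragraph also ends on "Where n is the order of the elliptic curve:" with nothing following it in this hunk, so either the equations that the colon announces need to be added here or the sentence should be rewritten so it does not dangle. Because this section is the one readers will reach before the `PR solutions` link, one line stating the defensive requirement the exploit relies on being violated (a nonce `k` must never be reused across signatures under the same private key) would keep the mitigation visible next to the attack description.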
It might be interesting to add some link that explains ECDSA. This way we will make it clear what is necessary to know for this exercise and nobody will get lost.
ex: https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages
New Vulnerable Application
Created a new vulnerable application for the secDevLabs.
The vulnerability in the application is based on the OWASP Top 10 2021 - A2 Cryptographic Failures. Examples for performing vulnerability testing are in PR's README.md.
Issue
#525