
emscrypt and replay attacks



Rick Campbell writes:

>>     P.S. I have an alpha version of a program which may be of interest to
>>     technomads: it automatically executes scripts received by email from a
>>     remote machine and then mails back the results.  The scripts (shell
      ... 
> 
> Does your mechanism do anything to prevent replay attacks?
> 
> 			Rick

Alan apparently forwarded my message from technomads to cypherpunks,
but since I'm on cypherpunks too, I got this message.  Anyway, yes it
does have a simple replay attack prevention mechanism.  It keeps track
of the most recent time and date stamp from the PGP signature info and
refuses to execute any message that doesn't have a stamp more recent
than the previously executed script.  This simple mechanism can cause
unwanted rejection if scripts are received out of order, but multiple
scripts can be batched into a single message to help overcome this.

See the following URL for a discussion of known limitations and security
concerns with emscrypt:

  http://www.bmen.tulane.edu/~carpente/emscrypt/emscrypt_doc.html#limits


--Matt

--
[email protected]    PGP mail preferred, finger for public key.
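
Added example, not part of the original message and not emscrypt's own code: a sketch of the newest-signature-timestamp check described above, showing the replay rejection, the out-of-order rejection, and the batching workaround. It assumes the timestamp has already been taken from a verified PGP signature; `ReplayGuard`, the state file name, and the sample arrival times are hypothetical and constructed.

```python
import os
import tempfile
from datetime import datetime, timezone


class ReplayGuard:
    """Hypothetical helper: accept a message only if its signature time
    is strictly newer than the newest one accepted so far."""

    def __init__(self, state_path):
        self.state_path = state_path

    def last_accepted(self):
        try:
            with open(self.state_path) as f:
                return int(f.read().strip())
        except FileNotFoundError:
            return 0  # nothing executed yet

    def _store(self, ts):
        # Write-then-rename so a crash never leaves a truncated state file.
        directory = os.path.dirname(os.path.abspath(self.state_path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as f:
            f.write(str(ts))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def accept(self, sig_time):
        """sig_time: timezone-aware datetime from an already VERIFIED signature."""
        ts = int(sig_time.timestamp())
        if ts <= self.last_accepted():
            return False  # replayed, or delivered out of order
        self._store(ts)  # record before running the script
        return True


def run_demo():
    at = lambda h, m: datetime(2000, 1, 1, h, m, tzinfo=timezone.utc)
    # Constructed arrival order: (label, signature time)
    arrivals = [("A", at(10, 0)), ("C", at(10, 10)), ("B", at(10, 5)),
                ("C again", at(10, 10)), ("D+E batched", at(10, 20))]
    with tempfile.TemporaryDirectory() as d:
        guard = ReplayGuard(os.path.join(d, "last_sig_time"))
        return [(label, guard.accept(ts)) for label, ts in arrivals]


if __name__ == "__main__":
    for label, ok in run_demo():
        print(f"{label:12} {'execute' if ok else 'reject'}")
```

Script B is legitimate but signed before C and delivered after it, so it is rejected just like the replayed copy of C; D and E travel under one signature and are accepted together.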