| From: | "Hamlin, Garick L" <ghamlin(at)isc(dot)upenn(dot)edu> |
|---|---|
| To: | Konstantin Knizhnik <k(dot)knizhnik(at)postgrespro(dot)ru> |
| Cc: | Andreas Karlsson <andreas(at)proxel(dot)se>, Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: libpq compression |
| Date: | 2019-02-11 15:10:54 |
| Message-ID: | 20190211151051.GA18279@isc.upenn.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Feb 11, 2019 at 05:56:24PM +0300, Konstantin Knizhnik wrote:
>
> Also such attack is possible only if session_id can be somehow "guessed". If
> it is just big random number, then it is very unlikely that it can be hacked
> in in this way.
I am not arguing against compression, but this point isn't exactly true.
The _uniformity_ of the key makes a big difference in the practicality of
the attack, not the total entropy.
For example, if the session_id was a 128 bit hex string and I knew or
guessed the characters before the secret part and could send data that ended
up near the secret then I can guess one character at a time and infer
the guess is correct when the size of the packet gets smaller. IOW, I
really only have to guess with 1/16 odds each digit (because its a hex
string in this example).
In the case, the 128 bit secret only provides the effective protection
of an 8-bit secret because it can be guessed left to right 4 bits at a
time.
Garick
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dmitry Vasiliev | 2019-02-11 15:36:00 | Re: Logical replication and restore from pg_basebackup |
| Previous Message | Konstantin Knizhnik | 2019-02-11 14:58:34 | Re: libpq compression |