
Forge valid token with misuse of OTP key reuse

Cryptography Asked by Irwin on February 19, 2021

I’m new to OTP and received a challenge.

Challenge

  • Context: A server uses OTP to encrypt and decrypt authentication tokens.
  • Misuse: The server always uses the same key.
  • Objective: Forge a valid token for user "master".

API

  • I can register unlimited users.
  • Username: Between 8 and 32 alphanumeric characters.
  • Password: At least 8 characters.
  • Login: I get a token every time I log in.

The Token

  • Encryption: plaintext ⊕ key = token.
  • Misuse: The key will be the same for every token issued.
  • The first 32 characters of the encrypted token contain the username.
  • If username is shorter than 32, a fixed padding char will be used to fill.

I’ve tried

I’ve registered a new user

username: "usernametest",
password: "passwordtest"

And logged in two times

1st Token: F11D8C3559DACFF766C22A14E81DE3853F895947008EDDD53BC831CF5919C6F28CE938EDDFBC7914949C881FE1659E516B6DF43E267F537990791BBD4C2B528F42553E2577E5208BF815CCA3A9F290A453C46051E5A6

2nd Token: F11D8C3559DACFF766C22A14E81DE3853F895947008EDDD53BC831CF5919C6F28CE938EDDFBC7914948EAD47EE6E9245003B914F4727017BE75337B94836528F42553E2577E5208BF815CCA3A9F292A55BC26259EAAD

  1. I know that "usernametest" appears in both messages.
  2. I’ve encoded the word to a hex string: 757365726e616d6574657374.
  3. 1st Token ⊕ 2nd Token: 1225580F0B0C146B56657161585202772A2C04041D000000000000000000000000000000000201080602080F0B
  4. 1st Token ⊕ 2nd Token = ("usernametest" + fill + plaintext) ⊕ ("usernametest" + fill + plaintext).

Does it make sense? How should I proceed?

I’ve been stuck at this stage for more than a day. Can someone help me?

Reference:
Many Time Pad Attack – Crib Drag
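The following is an added example, written for this page and not code from the question or from the challenge server. It models the token scheme exactly as the question describes it (plaintext ⊕ key = token, one fixed key for every token, a 32-character username field padded with a fixed character) so that two things can be checked in code: that a known username prefix reveals the reused key bytes and makes the token malleable, and that a per-token nonce plus an HMAC tag removes both problems. The padding character `_`, the constructed keys, the 8-byte session field and all function names (`issue_token_weak`, `recover_keystream_prefix`, `token_scheme_is_malleable`, `issue_token_secure`, and so on) are assumptions for the example, not values from the challenge.

```python
import hashlib
import hmac
import os

# Constructed parameters for this example; the challenge's real key, padding
# character and token layout are not known from the question.
FIELD_LEN = 32                                                   # username field width, as in the question
PAD = b"_"                                                       # assumed fixed padding character
FIXED_KEY = hashlib.sha256(b"constructed fixed OTP key").digest() * 2   # 64 bytes, reused for every token (the flaw)
ENC_KEY = hashlib.sha256(b"constructed encryption key").digest()        # used only by the hardened scheme
MAC_KEY = hashlib.sha256(b"constructed MAC key").digest()               # used only by the hardened scheme


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def register(username: str) -> bytes:
    """Registration rule from the question: 8..32 alphanumeric characters."""
    raw = username.encode()
    if not (8 <= len(raw) <= FIELD_LEN) or not raw.isalnum():
        raise ValueError("username must be 8-32 alphanumeric characters")
    return raw


def pad_field(username: str) -> bytes:
    """Token layout: the name right-padded to 32 bytes. Note this does NOT re-check
    the registration rule, so the token format itself accepts shorter names."""
    return username.encode().ljust(FIELD_LEN, PAD)


# --- the weak scheme from the question: one fixed key for every token ----------

def issue_token_weak(username: str, session: bytes) -> bytes:
    plaintext = pad_field(username) + session
    return xor_bytes(plaintext, FIXED_KEY[:len(plaintext)])


def username_from_token_weak(token: bytes) -> str:
    plaintext = xor_bytes(token, FIXED_KEY[:len(token)])
    return plaintext[:FIELD_LEN].rstrip(PAD).decode()


def recover_keystream_prefix(token: bytes, known_username: str) -> bytes:
    """Known plaintext: token[:32] XOR the padded username = the first 32 key bytes,
    which are the same for every token because the key is reused."""
    return xor_bytes(token[:FIELD_LEN], pad_field(known_username))


def token_scheme_is_malleable() -> bool:
    """Defender's check: a token legitimately issued to one account can be rewritten
    into a token the server accepts for a name that cannot even be registered."""
    register("usernametest")                       # passes the 8..32 alphanumeric rule
    my_token = issue_token_weak("usernametest", b"\x00" * 8)
    keystream = recover_keystream_prefix(my_token, "usernametest")
    rewritten = xor_bytes(pad_field("master"), keystream) + my_token[FIELD_LEN:]
    return username_from_token_weak(rewritten) == "master"


# --- the fix: fresh per-token keystream plus an integrity tag ------------------

def keystream(nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256(ENC_KEY, nonce || counter) blocks; a fresh nonce per token means
    no two tokens ever share keystream bytes."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def issue_token_secure(username: str, session: bytes) -> bytes:
    nonce = os.urandom(16)
    plaintext = pad_field(username) + session
    body = nonce + xor_bytes(plaintext, keystream(nonce, len(plaintext)))
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()   # nonce || ct || tag


def username_from_token_secure(token: bytes):
    """Returns the username, or None when the tag does not verify (modified token)."""
    body, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(hmac.new(MAC_KEY, body, hashlib.sha256).digest(), tag):
        return None
    nonce, ct = body[:16], body[16:]
    plaintext = xor_bytes(ct, keystream(nonce, len(ct)))
    return plaintext[:FIELD_LEN].rstrip(PAD).decode()


def secure_scheme_rejects_rewrite() -> bool:
    """Even with its own keystream recovered from the known prefix (stream ciphers
    stay malleable), the rewritten body no longer matches the tag."""
    token = issue_token_secure("usernametest", b"\x00" * 8)
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    ks = xor_bytes(ct[:FIELD_LEN], pad_field("usernametest"))
    forged = nonce + xor_bytes(pad_field("master"), ks) + ct[FIELD_LEN:] + tag
    return username_from_token_secure(token) == "usernametest" and username_from_token_secure(forged) is None


if __name__ == "__main__":
    print("fixed-key scheme malleable:", token_scheme_is_malleable())
    print("nonce+HMAC scheme rejects rewrite:", secure_scheme_rejects_rewrite())
```

The two checks make the security argument concrete: the first one passes because every token's first 32 bytes are encrypted under the same key bytes, so one known username is enough to read or rewrite that field in any token; the second passes because the nonce gives each token its own keystream and the HMAC is verified before the ciphertext is trusted, which is the usual remedy (authenticated encryption, or a signed/MACed token, rather than a bare XOR).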
