[18379] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Alaric Dailey)
Wed Sep 7 11:30:27 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 07 Sep 2005 08:56:34 -0500
From: Alaric Dailey <alaricd@pengdows.com>
To: cryptography@metzdowd.com, anti-fraud@lists.cacert.org
In-Reply-To: <E1ECuQX-0006HD-00@medusa01.cs.auckland.ac.nz>
This is a cryptographically signed message in MIME format.
--------------ms030405030304000308030804
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Peter Gutmann wrote:
>Alaric Dailey <alaricd@pengdows.com> writes:
>
>
>
>>While I admit that PKI is flawed, I don't see anyway that PSK could used
>>effectively.
>>
>>How are PSKs going to be shared in a secure way?
>>are we talking about generating a new key for every connection?
>> if so how do you validate the key?
>> if not, how do you validate that the key hasn't been compromised by
>>someone who put up a phishing site?
>>
>>
>
>Gosh, I don't know. How about the way we've already been doing it for the
>past decade or so on every single passworded web site in existence, and for
>another decade before that with ATM PINs.
>
>
>
>>In my opinion, PSK has the same problems as all symmetric encryption, its
>>great if you can share the secret securely, but distribution to the masses
>>makes it infeasible.
>>
>>
>
>Exactly, PSK's are infeasible, and all those thousands of web sites that have
>successfully employed them for a decade or more are all just figments of our
>imagination.
>
Show me one sight that uses PSKs to secure its connection to the masses.
> By extension, ATMs are also infeasible.
>
>
ATMs would be infeasible if they were not a 2 factor authentication
system, and every day we see more cracks in the way that system is
implemented. Starting with the way the PSKs are shared.
http://news.bbc.co.uk/1/hi/technology/4183330.stm
>Sarcasm aside for a minute, several people have responded to the PSK thread
>with the standard "passwords don't work, whine moan complain" response that
>security people are expected to give whenever passwords are mentioned. It's
>all the user's fault, they should learn how to use PKI. Well we've had ten
>years of that and it seems to be making bugger-all difference in protecting
>users, based on the universal success of phishing attacks.
>
>What's happened is that security people have said "Here's our perfect
>solution, PKI, and we're not budging an inch on that", the masses have said
>"We can't manage anything beyond usernames and passwords and we're not budging
>an inch on that", and the phishers have leaped in and filled the gap between
>the two while both sides are sitting there holding their breath to see whose
>face goes blue first.
>
>The failing is in the security community. Security practitioners (by which I
>mean people who build secure systems, not ones who merely go out and
>pontificate about them) have 30 years of research in authentication mechanisms
>to fall back on, and yet the state-of-the-art in use today is to hand out the
>plaintext password to anyone who asks for it: "Hi, I'm your bank, or Paypal,
>or something, please give me your password".
>
>Instead of using a decent (and trivial to implement) challenge-response
>mutual-authentication mechanism, we're using the worst possible one there is,
>the one that every security textbook warns against, while sitting back and
>waiting for PKI to start working.
>
>My mother (to use my favourite canonical non-technical user) has figured out
>how to use a username and password to authenticate herself. She hasn't, and
>never will, figure out PKI, and nor will most of the rest of humanity. The
>users have amply demonstrated to us what they're capable of handling. It is
>the failing of the security community to not use that effectively - password-
>based authentication is bad because the security community (or at least
>security application developers) have made it bad, not because it's inherently
>poor.
>
>Here's my proposal for an unmistakable TLS-PSK based authentication mechanism
>for a browser:
>
> When connecting to a TLS-PSK protected site, the URL bar (or something else
> very obvious, say the top border of the page) is set to a colour like blue,
> matching what Mozilla currently does with its yellow for SSL sites. The
> blue bar then zooms out into a blue-marked dialog box asking for the
> username and password (I'm assuming here that you can't spoof this sort of
> thing in Javascript). Once the mutual auth of client and server has
> occurred, the blue-marked dialog box zooms back to the blue-marked web page,
> providing a clear connection between all stages of authentication and secure
> display. All that users have to learn is to never enter their password on a
> non-blue-marked site.
>
>It doesn't solve *all* phishing problems, but it's a darn sight better than
>the mess we're in now.
>
>Peter.
>
>
>
>
Your "solution" doesn't cover any of the problems with phishing, come
on, if all we have is a preshared key, how is a user who can't even
verify the details of a cert going to know if the site they have
connected to is legitimate, all those wonderful AOL users will be easily
duped into putting in their 1 weak password of "love", "sex", "god" or
"money" and the phisher will have their info. And we won't even get
into the fact that easy to guess PSKs are the one real weakness
symmetric encryption systems that actually can keep the secret of their
PSK. I also wont start on a rant about how all those wonderful AOL users
won't be able to keep track of all those PSKs if they are unique to the
user.
With PSK you cannot verify
-not domain ownership
-the key belongs to the domain you are connecting to
-the key hasn't been shared with an evil party that is now impersonating
your favorite website
in fact without the details in the cert there is nothing to verify.
Without Public/Private key encryption there is no mitigation of a man in
the middle attack, verification of either party, for sites like Amazon
or Hotmail, PSK introduces many many more problems than it will ever
solve.
The only exception might be is if the 2 parties have a unique PSK such
as an banks ATM system, and there are systems that handle just that kind
of massive symmetric key storage (RSA makes a nice one) but is that
safer than Public/Private key encryption? No, if it were, PGP/GPG and
X.509 wouldn't exist.
The Achilles heel of symmetric encryption is always the same, sharing
that key securely, and a secret that is shared is not a secret.
--------------ms030405030304000308030804
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKXzCC
Az8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQI
EwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENv
bnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAi
BgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVy
c29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5
NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM
dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9Vvy
Gna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOC
dz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCB
kTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhh
d3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNV
HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQAD
gYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFi
w9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpb
NU1341YheILcIRk13iSx0x1G/11fZU8wggOKMIIC86ADAgECAgMPYJswDQYJKoZIhvcNAQEE
BQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0
ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA1
MDgyODAwNDMzOFoXDTA2MDgyODAwNDMzOFowgakxDzANBgNVBAQTBkRhaWxleTEPMA0GA1UE
KhMGQWxhcmljMRYwFAYDVQQDEw1BbGFyaWMgRGFpbGV5MSMwIQYJKoZIhvcNAQkBFhRhbGFy
aWNkQHBlbmdkb3dzLmNvbTEnMCUGCSqGSIb3DQEJARYYYWxhcmljZGFpbGV5QGhvdG1haWwu
Y29tMR8wHQYJKoZIhvcNAQkBFhBieXRld3VsZkBhaW0uY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsndiAxzl3D2f+nOTQcPlwWoTD1hFN58Boc3BeiW/0eV2FwwsC0c6
37enTowaLbGOYU5JOGU6uYi/eYUeY7Ge3uN18ShOhRUsTWDQ3Y8yclz68kTyVctByWvYxECB
2Bm6QTI166T8y1y2N3+sfpecYJSpdDVq6cL82znGJyYVGVkInhahfj2QSF09LL2hDoUpVOdG
Qu2gRMye7Uy5fZ012bzqbOJAAwzM+am5BxEeXD8HamN9tZymCXWEGmZBdcrpk9XVDcnDHYfe
639ApqU+Dbi6uyYAtc1QhFiaeWMxCwTBSumWQsw3Sgfm+xxuKTcu41yQnrtQTMT2tUJqRKJ7
+QIDAQABo4GBMH8wDwYDVR0PAQH/BAUDAwf5gDARBglghkgBhvhCAQEEBAMCBaAwSwYDVR0R
BEQwQoEUYWxhcmljZEBwZW5nZG93cy5jb22BGGFsYXJpY2RhaWxleUBob3RtYWlsLmNvbYEQ
Ynl0ZXd1bGZAYWltLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBADBypc1c
SLRlwln5n2/MksNpJb0CXi71MeqR4RG5JlBYuALF/SxCKwfU4CCw8azboRszQNPLgicQUTT8
EZpDr4f+s9xK2R0V6mKNDtHSMHUdW3w5zlGchhqua+zfHWlJovkMiP3Tpukb53V2aMtGoh6B
QFZEq8nSiHAOhLLNdgT+MIIDijCCAvOgAwIBAgIDD2CbMA0GCSqGSIb3DQEBBAUAMGIxCzAJ
BgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD
VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNTA4MjgwMDQz
MzhaFw0wNjA4MjgwMDQzMzhaMIGpMQ8wDQYDVQQEEwZEYWlsZXkxDzANBgNVBCoTBkFsYXJp
YzEWMBQGA1UEAxMNQWxhcmljIERhaWxleTEjMCEGCSqGSIb3DQEJARYUYWxhcmljZEBwZW5n
ZG93cy5jb20xJzAlBgkqhkiG9w0BCQEWGGFsYXJpY2RhaWxleUBob3RtYWlsLmNvbTEfMB0G
CSqGSIb3DQEJARYQYnl0ZXd1bGZAYWltLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALJ3YgMc5dw9n/pzk0HD5cFqEw9YRTefAaHNwXolv9HldhcMLAtHOt+3p06MGi2x
jmFOSThlOrmIv3mFHmOxnt7jdfEoToUVLE1g0N2PMnJc+vJE8lXLQclr2MRAgdgZukEyNeuk
/Mtctjd/rH6XnGCUqXQ1aunC/Ns5xicmFRlZCJ4WoX49kEhdPSy9oQ6FKVTnRkLtoETMnu1M
uX2dNdm86mziQAMMzPmpuQcRHlw/B2pjfbWcpgl1hBpmQXXK6ZPV1Q3Jwx2H3ut/QKalPg24
ursmALXNUIRYmnljMQsEwUrplkLMN0oH5vscbik3LuNckJ67UEzE9rVCakSie/kCAwEAAaOB
gTB/MA8GA1UdDwEB/wQFAwMH+YAwEQYJYIZIAYb4QgEBBAQDAgWgMEsGA1UdEQREMEKBFGFs
YXJpY2RAcGVuZ2Rvd3MuY29tgRhhbGFyaWNkYWlsZXlAaG90bWFpbC5jb22BEGJ5dGV3dWxm
QGFpbS5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQAwcqXNXEi0ZcJZ+Z9v
zJLDaSW9Al4u9THqkeERuSZQWLgCxf0sQisH1OAgsPGs26EbM0DTy4InEFE0/BGaQ6+H/rPc
StkdFepijQ7R0jB1HVt8Oc5RnIYarmvs3x1pSaL5DIj906bpG+d1dmjLRqIegUBWRKvJ0ohw
DoSyzXYE/jGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD
b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBJc3N1aW5nIENBAgMPYJswCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
DQEHATAcBgkqhkiG9w0BCQUxDxcNMDUwOTA3MTM1NjM0WjAjBgkqhkiG9w0BCQQxFgQUVi2r
8Ffo8Br44T0p65mwunWGVw8wUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG
9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYB
BAGCNxAEMWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg
KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vpbmcg
Q0ECAw9gmzB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo
YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG
cmVlbWFpbCBJc3N1aW5nIENBAgMPYJswDQYJKoZIhvcNAQEBBQAEggEAEfL0t98GBlm+nyIC
dFdSqY8whz7WqUXc3xmTs0rASvbVtRdrs3QbiZznR7bOBPxOsWBuH2LGSMYbHxz/NT4QmkUu
ElocFWFh2aW7+TKGJI8Ie0Ibo1ptF5xDo/0M33Hricr3PKwcXWM18/7M0EO2cXyLJrykl9+A
EvM4Q7+yNQdYNqu+axMlCr4atSzKoS0kDW4yEHwpM+UXuUV7N3mPAbf0Y7iqzc1MSR93K++M
qLL7JUaIi0ZHeOF1SnXznS2bat2cc/jzH1ppbgMucbpurTx5JoFfmU22lxMwBPXWCx0LTBeb
GS/gOyyWlAW4seZ8dcbBfbVYcvvJ23Q/M84WlQAAAAAAAA==
--------------ms030405030304000308030804--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
