[154002] in North American Network Operators' Group
Re: LinkedIn password database compromised
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Wed Jun 20 19:12:52 2012
Date: Wed, 20 Jun 2012 16:12:34 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: Randy Bush <randy@psg.com>
Mail-Followup-To: Randy Bush <randy@psg.com>, nanog@nanog.org
In-Reply-To: <m2sjdpbn8d.wl%randy@psg.com>
Cc: nanog@nanog.org
In a message written on Thu, Jun 21, 2012 at 08:02:58AM +0900, Randy Bush wrote:
> what is the real difference between my holding the private half
> of an asymmetric key and my holding a good passphrase for some site?
> that the passphrase is symmetric?
The fact that it is symmetric leads to the problem.
The big drawback is that today you have to provide the secret to
the web site to verify it. It doesn't matter if the secret is
transferred in the clear (e.g. http) or encrypted (e.g. https), they
have it in their RAM, or on their disk, and so on. Today we _trust_
sites to get rid of that secret as fast as possible, by doing things
like storing a one-way hash and then zeroing the memory.
But what we see time and time again is sites are lazy. The secret
is stored in the clear. The secret is hashed, but with a bad hash
and no salt. Even if they are "good guys" and use SHA-256 with a nice
salt, if a hacker hacks into their server they can intercept the secret
during processing.
With a cryptographic solution the web site would say something like:
"Hi, it's 8:59PM, transaction ID 1234, cookie ABCD, I am foo.com, who are you."
Your computer would (unknown to you) use foo.com to figure out
that bicknell@foo.com (or superman@foo.com) was your login, do some
math, and sign a response with your private key that says:
"Hi, I'm bicknell@foo.com, I agree it's 8:59 PM, transaction 1234,
cookie ABCD."
Even if the attacker had fully compromised the server end they get
nothing. There's no replay attack. No shared secret they can use to log
into another web site. Zero value.
> s/onto web sites/this web site/ let's not make cross-site tracking any
> easier than it is today.
Yep. Don't get me wrong, there's an RFC or two here, a few pages of
code in web servers and browsers. I am not asserting this is a trivial
change that could be made by one guy in a few minutes. However, I am
suggesting this is an easy change that could be implemented in weeks not
months.
-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
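A sketch of the exchange Leo describes, written as an added example for this archive page (it is not code from the thread or from any project): the site sends time, transaction ID, cookie and its own name; the client signs those together with its login using a private key the site never sees; the site, holding only the public key, rejects a response for another origin (no cross-site reuse), a transaction ID it has already accepted (no replay), a stale timestamp, or a bad signature. The struct field names, the use of Ed25519, and the sample user are assumptions.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Challenge is what the site sends; the field names are hypothetical, mirroring the post.
type Challenge struct {
	Time, TxID     int64
	Cookie, Origin string
}
// message fixes the bytes that get signed so client and server build the same thing.
func message(login string, c Challenge) []byte {
	return []byte(fmt.Sprintf("%s|%d|%d|%s|%s", login, c.Time, c.TxID, c.Cookie, c.Origin))
}
// Sign runs on the client; only the client ever holds the private key.
func Sign(priv ed25519.PrivateKey, login string, c Challenge) []byte {
	return ed25519.Sign(priv, message(login, c))
}
// Server keeps only public keys and the transaction IDs it has already accepted.
type Server struct {
	Origin string
	Pub    map[string]ed25519.PublicKey
	Used   map[int64]bool
}
// Verify accepts a login only if the challenge names this origin, its transaction ID is
// unseen (no replay), its time is within maxSkew seconds, and the signature checks.
func (s *Server) Verify(login string, c Challenge, sig []byte, now, maxSkew int64) bool {
	pub, ok := s.Pub[login]
	if !ok || c.Origin != s.Origin || s.Used[c.TxID] || now-c.Time > maxSkew ||
		c.Time-now > maxSkew || !ed25519.Verify(pub, message(login, c), sig) {
		return false
	}
	s.Used[c.TxID] = true
	return true
}

// Demo enrols one constructed user, then tries a valid login, a replay of the same signed
// response, and its reuse at another site. Returns (login ok, replay ok, cross-site ok).
func Demo() (bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	keys := map[string]ed25519.PublicKey{"bicknell@foo.com": pub} // constructed sample user
	foo, bar := &Server{"foo.com", keys, map[int64]bool{}}, &Server{"bar.com", keys, map[int64]bool{}}
	c := Challenge{Time: 1340236740, TxID: 1234, Cookie: "ABCD", Origin: "foo.com"}
	sig := Sign(priv, "bicknell@foo.com", c)
	v := func(s *Server) bool { return s.Verify("bicknell@foo.com", c, sig, c.Time+5, 60) }
	return v(foo), v(foo), v(bar)
}
```

Even a complete copy of the server's state (public keys and used transaction IDs) lets an attacker produce nothing that either site will accept.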