On Tue, Feb 24, 2009 at 8:30 AM, Ed Gerck <edge...@nma.com> wrote: [snip] > Thanks for the comment. The BofA SiteKey attack you mention does not work > for the web access scheme I mentioned because the usercode is private and > random with a very large search space, and is always sent after SSL starts > (hence, remains private).
This is meaningless. What attack is the 'usercode' trying to prevent? You said it's trying to authorise the site to the user. It doesn't do this, because a 3rd party site can take the usercode and send it to the 'real' site. [snip] > I'm referring to SMTP authentication with implicit SSL. The same > usercode|password combination is used here as well, but the usercode is > prepended to the password while the username is the email address. In this > case, there is no anti-phishing needed. Eh? This still doesn't make any particular amount of sense. [snip] > This case has the same BofA SiteKey vulnerability. However, if that is > bothersome, the scheme can also send a timed nonce to a cell phone, which is > unknown to the attacker. This is explained elsewhere in > http://nma.com/papers/zsentryid-web.pdf Anything you do can be simulated by an evil site. Sending a key to a phone is a good idea, but still, in the end, useless, because the evil site can simulate it by passing whatever requested the user did to that site. [snip] > If the threat model is that you can "learn or know the RNG a given site is > using" then the answer is to use a hardware RNG. No, it isn't. > The point is that two passwords would still not have an entropy value that > you can trust, as it all would depend on user input. *shrug* make one of them autogenerated. Doesn't matter. You're just adding complexity for no real benefit. > That data is just a key that is the same for /all/ users. It is not > user-specific. its knowledge does not provide information to attack any > account. Well I'm sorry but you don't understand your own system then. Obviously it must have information to 'attack' a given account, because you used it to generate something. The function you used did something, so you can repeat it if you have all the inputs. > Sorry if it wasn't clear. Please have a second reading. Indeed. > Cheers, > Ed Gerck -- noon silky http://www.boxofgoodfeelings.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com