> Recently, on both the jQuery(.com) and PHP mailinglists, a question has
> arisen on how to properly secure a login form for a non-ssl web-application.
> But the replies have been "get ssl".. :(

What makes you think these are ill-advised?

> I disagree, and think that with a proper layout of authentication
> architecture, one can really secure a login system without having the
> administrative overhead of installing SSL everywhere, and the monetary cost
> for a SSL certificate for each domain.

Well, it depends on how much security is enough for you. If the
threats you are concerned with encompass the threats mitigated by
SSL/TLS, then you should definitely use TLS. You could arguably use
Kerberos, SSH or IPSEC to achieve the same level of security, but that
would not be handy, since SSL/TLS is what is bundled in web servers
and browsers. Oh, and you don't necessarily have to buy a certificate
to Verisign to use SSL!

The only thing your scheme seems to achieve is protect your password
against eavesdroppers. But then, an eavesdropper could reuse your
cookie to hijack your session. Your protocol does not mitigate such
threats as session hijacking, MITM, phishing, HTTP cache poisoning and
the list goes on. And whatever the shortcomings of TLS might be, it
does mitigate these threats.

Now, if you threat model goes along the lines of :
 * The only asset I want to protect is my password (because I use the
   same password to access critical data hosted on other services!)
 * I don't care whether my session is compromised.
 * I don't care whether my data is captured by an eavesdropper.
Then your scheme might indeed be what you need. I did not give it more
than a quick look though. And I would suggest you reconsider in the
first place the reasons that made you reuse such a precious password.

I hope this last paragraph makes sense and you will forgive my use of sarcasm.
Erwan Legrand

Simplicity is prerequisite for reliability.
       -- E. W. Dijkstra

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to