Well, at least now you've doubled the amount of effort expended -- two
mail messages. I don't know if that warrants a :) or a :( ...
> 4. Send client a token to encrypt.
Unless the "token" includes a timestamp or is completely random, this is
subject to replay or prediction attacks. If you were aware of those,
you probably should have made it explicit, given the level of
crypto-protocol expertise already evidenced here. :)
If the client already trusts the server, then why not just send back its
client password and the current time encrypted with the server's public
key?
Look, the literature of password-based authentication protocols is wide,
and much of it is surprisingly accessible. A fairly simple google
search for things like SRP, SPEKE, and Kerberos, "Bellovin and Merritt"
should turn up some pretty good protocols fairly quickly.
/r$
> 5. Check the returned encrypted token with encryption via the password on
> the server side.
>
> Thank you for staking me. I think this sounds a little bit more reasonable,
> correct?
>
> Bill
>
> -----Original Message-----
> From: Rich Salz [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 20, 2001 3:58 PM
> To: [EMAIL PROTECTED]
> Subject: Re: How can I encrypt public key in handshake?
>
> > > 3. Verify that the server is who you think it is (via the public key)
> > > (client can now trust server)
> > > 4. Pass an encrypted token to the client (encrypted with client password)
>
> A classic, and amateur-level mistake. You should NEVER hand out
> something encrypted with a user's password to anyone who asks. Cf.
> KerberosIV. :) Using the steps above, the server is now quite
> courteously helping an adversary with an off-line dictionary attack.
>
> > This kind of ad hoc
> > thinking by amateurs never results in a protocol worthy of deployment.
>
> All too true. In fact, it usually results in protocols that should be
> spiked through the heart but unfortunately escape, the undead, to
> torment the truly security conscious.
> /r$
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
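Added example, not part of the original thread: a sketch of the freshness point made in the reply above, where the challenge is random, single-use and time-bound so that a replayed or stale response is rejected. It assumes HMAC-SHA-256 keyed with the password in place of the thread's "encrypt the token" step; `ChallengeServer`, `client_response`, `MAX_AGE` and the sample passwords are hypothetical. It does nothing about the off-line dictionary problem, since a captured challenge/response pair still lets guesses be tested, which is why the reply points to SRP, SPEKE and Kerberos.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE = 30  # seconds a challenge stays valid (assumed value)

class ChallengeServer:
    """Issues random, single-use, time-bound challenges (hypothetical helper)."""
    def __init__(self, password: bytes, clock=time.time):
        self._password = password
        self._clock = clock
        self._pending = {}  # nonce -> time it was issued

    def issue(self) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable: no prediction attack
        self._pending[nonce] = self._clock()
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> str:
        issued = self._pending.pop(nonce, None)  # pop: a nonce is accepted once
        if issued is None:
            return "rejected: unknown or replayed challenge"
        if self._clock() - issued > MAX_AGE:
            return "rejected: stale challenge"
        expected = hmac.new(self._password, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "rejected: bad response"
        return "accepted"

def client_response(password: bytes, nonce: bytes) -> bytes:
    return hmac.new(password, nonce, hashlib.sha256).digest()

def demo():
    now = [1000.0]  # constructed clock so the stale case runs instantly
    server = ChallengeServer(b"correct horse", clock=lambda: now[0])
    n1 = server.issue()
    r1 = client_response(b"correct horse", n1)
    results = [server.verify(n1, r1)]        # fresh challenge
    results.append(server.verify(n1, r1))    # same pair sent again
    n2 = server.issue()
    now[0] += MAX_AGE + 1                    # challenge answered too late
    results.append(server.verify(n2, client_response(b"correct horse", n2)))
    n3 = server.issue()
    results.append(server.verify(n3, client_response(b"wrong guess", n3)))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```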