On Tue, Nov 12, 2013 at 8:37 AM, Nicholas Weaver <[email protected]>wrote:
> > On Nov 12, 2013, at 8:05 AM, Phillip Hallam-Baker <[email protected]> > wrote: > > > The biggest weakness in Internet protocols is relying on passwords for > authentication. What can we do to make the password mechanisms more secure > and to wean the Internet off passwords? > > > > I don't want to start an NSA rathole here, but I need evidence to > support the above assertion and until the GRU or MOSSAD or PLA or whatever > have their Snowden event, I am limited to using the NSA. > > > > 1) NSA using Password sniffing in Attack: > http://boingboing.net/2013/11/11/gchq-used-fake-slashdot-linke.html > > Thats false. They didn't use password sniffing in this attack. And > overall reporting on that was pretty dismal. > > This was targeting information for a QUANTUMINSERT attack [1], aka packet > injection/Man-on-the-Side for exploitation. And there was no fake slashdot > page, just fake packets. I wish they were just password sniffing. > The cookie stealing attack is easier to prevent: https://datatracker.ietf.org/doc/draft-hallambaker-httpsession/ Basically the protocol is as follows: 1) Client tells server 'I accept strong cookies' 2) Server sends an algorithm and shared secret in the HTTP channel 3) Client presents the usual cookie plus a MAC value calculated over some of the request and the shared secret exchanged earlier. 4) Server authenticates response in the same way. The mechanism can be optionally bound to the TLS channel and the request content. The initial exchange is preferably protected by TLS but this is not essential. The main objective is to avoid repeated transfer of a bearer credential. If plaintext exchange is going to be frequent, a DH exchange should be available as an option. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
