On Wed, Oct 25, 2017 at 6:32 PM, William Stein <[email protected]> wrote:
>
> On Wed, Oct 25, 2017 at 9:12 AM Emmanuel Charpentier
> <[email protected]> wrote:
>>
>> During the
>> [discussion](https://groups.google.com/d/msg/sage-devel/fE45025Wphs/mKdCAeNhAgAJ)
>> of the inclusion of OpenSSL, a few remarks were made about the security of
>> our distribution infrastructure.
>>
>>
>> It has been noted that http is ridiculously easy to hijack, and some have
>> remarked that this potential threat also applied to the http downloads from
>> our mirrors.
>>
>> I think we should consider this issue, and plan to post (Real Soon Now) a
>> call for discussion about this. What is the relevant list ?
>>
>> Others remarked that a non-SSL-enabled pip, which impedes, for example,
>> downloading from PyPI, sort-of enhanced security by suppressing a possible
>> source of attack. No comments...
>>
>> I have a few questions :
>> * Would it be difficult/onerous/cumbersome to ask our mirrors to switch to
>> https-only service ?
>> * Would such a measure significantly lower the possibility of attacks of a
>> Sage user/developer machine via "http hijacking" ?
>> * what is the likelihood of such an attack ?
>
>
> I would estimate the likelihood that some Sage user is attacked in this way
> at 99.99%. It's probably already happened. Done right it would not be
> detected. There are many extremely smart people whose jobs are related to
> crypto, and Sage is one of the standard tools of choice for cryptographers,
> which makes it a very natural target. If your full-time job involved
> gathering intelligence about cryptanalytic techniques, with bonus points for
> anything not publicly known, it's not too much of a stretch to imagine you
> might like access to all private files on the computers of cryptography
> researchers (e.g., papers/research in progress/private ideas). All it would
> take would be one slightly modified "sage -i" to install something on a
> sage-user's computer, and you would own all their data.

That's a good point--in fact it was the one likely scenario I had in
mind of a Sage user being attacked in this way. I placed the
probability as much lower because on average the probability of being
attacked is very low, but you're right that the likelihood that
*someone* would be, or has already been, is not out of the question.
That said, for such entities there are already much easier attack
vectors even than building something around sage...

Best,
Erik
