Nelson B Bolyard wrote:
> [...] It's because none of them: J-PAKE, SPEKE, SRP, or for that
> matter, good old CRAM-MD5, addresses the NUMBER ONE problem with passwords.
>
> PHISHING.
They are very significant progress with regard to that, actually.
> What do J-PAKE, SPEKE and SRP claim to give you that CRAM-MD5 does not?
ZERO-KNOWLEDGE: the server cannot brute-force the content of the exchange
to deduce what your password is.
> The answer is: they don't require that you share your secret password
> directly with the party who you would have authenticate you, [...]
Now, that's not it: what they truly bring is that if you are misled
into making a handshake with a phishing site, you don't give that
site any information about what your password might be,
even if you have a weak password that is trivial to brute-force.
> [...]
> The ONLY solutions that actually solve phishing are the ones that the user
> CANNOT be tricked into giving away.
If you are tricked into making the handshake with the wrong site,
there's no bad consequence.
So the risk is being tricked into entering your password inside a field
that doesn't do a handshake, but instead just sends a copy of it to the
pirate.
Therefore, a password exchange solution that relies on you entering the
password inside a standard web page is still strongly vulnerable to the
phishing problem, and there's no progress over older password schemes.
But if the password is entered inside an element that is unambiguously
the GUI of your browser, a web site cannot do a phishing attack against
it any more, and the solution is actually quite good.
A very important point: the easiest way to mimic the GUI of your
browser is to be able to execute code locally (or at least with chrome
privileges in the browser). But if you are able to do that, you're also
able to mimic the password dialog for a software-protected private key,
and then make the XPCOM calls required to export the private key.
Therefore the actual gap in security between the two is:
- A: an attacker that finds a way to create a window that tricks users
into believing it's the genuine Firefox GUI for the password, without having
to use chrome privileges.
- B: an attacker that uses the usual weaknesses of passwords to get
access without phishing the user. Those usual weaknesses being that
passwords are frequently very weak, but the worst, I believe, is that
users frequently reuse them. So the attacker could obtain the value of
the user's password at another site, and use it to guess accurately
what he's using at the protected site.
Hardware-protected private keys have a much more significant added value
than software ones when compared to those schemes. Unfortunately they
are still very little used, except in China, surprisingly (banks there
have distributed millions of PKI hardware tokens for identification on
their web sites).
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
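The zero-knowledge point made in the reply above, as a toy Python example: a phishing server that runs an SRP handshake without the verifier must commit to a single password guess before it sees the client's proof, and learns only whether that one guess was right, whereas whoever holds a CRAM-MD5 challenge/response pair can test guesses against it offline indefinitely. This is added code, not from the thread or from any protocol's reference implementation. The SRP-6a here is simplified (no padding of A and B, shortened proof message); the group modulus is written from memory as the 1024-bit RFC 5054 group and is an assumption to verify before any reuse (the algebra shown does not depend on which group is used). The identity, salt, password and challenge values, and names such as `phisher_confirms_guess`, are constructed for the example.

```python
"""Toy comparison of what a server learns from a CRAM-MD5 response versus
from an SRP-6a handshake.  Added example, not code from the thread.
Simplified (no padding of A/B, shortened proof), NOT for production use."""
import hashlib
import hmac
import secrets

# ---- CRAM-MD5 (RFC 2195): response = HMAC-MD5(password, challenge) ----------
def cram_md5_response(password: bytes, challenge: bytes) -> bytes:
    return hmac.new(password, challenge, hashlib.md5).hexdigest().encode()

def cram_md5_guess_matches(challenge: bytes, response: bytes, guess: bytes) -> bool:
    """Anyone holding (challenge, response) can test a password guess offline,
    as often as they like.  A rogue server holds exactly that pair."""
    return hmac.compare_digest(cram_md5_response(guess, challenge), response)

# ---- SRP-6a (RFC 5054 style) ------------------------------------------------
# Assumption: this is the 1024-bit RFC 5054 group, written from memory.
# The algebra below works for any large safe-prime group; verify the value
# against the RFC before reusing it anywhere real.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def to_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(to_bytes(N), to_bytes(g))          # SRP-6a multiplier parameter

def private_x(salt: bytes, identity: bytes, password: bytes) -> int:
    return H(salt, hashlib.sha256(identity + b":" + password).digest())

def verifier(salt: bytes, identity: bytes, password: bytes) -> int:
    """What the legitimate server stores instead of the password."""
    return pow(g, private_x(salt, identity, password), N)

def srp_handshake(identity, password, salt, server_v):
    """One complete exchange.  `server_v` is whatever verifier the server
    holds: the real one, or a guess made by a server that never had it.
    Returns the client's proof and the proof the server expected."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                                  # client -> server
    b = secrets.randbelow(N - 2) + 1
    B = (k * server_v + pow(g, b, N)) % N             # server -> client
    u = H(to_bytes(A), to_bytes(B))
    # client side: the password itself never leaves the client
    x = private_x(salt, identity, password)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # server side: only matches S_client when server_v == g^x
    S_server = pow((A * pow(server_v, u, N)) % N, b, N)
    K_client = hashlib.sha256(to_bytes(S_client)).digest()
    K_server = hashlib.sha256(to_bytes(S_server)).digest()
    M_client = hashlib.sha256(to_bytes(A) + to_bytes(B) + K_client).digest()
    M_server = hashlib.sha256(to_bytes(A) + to_bytes(B) + K_server).digest()
    return M_client, M_server

def legitimate_login_succeeds(identity, password, salt) -> bool:
    m_client, m_server = srp_handshake(identity, password, salt,
                                       verifier(salt, identity, password))
    return hmac.compare_digest(m_client, m_server)

def phisher_confirms_guess(identity, password, salt, guess) -> bool:
    """A phishing server has no verifier, so it must commit to ONE guessed
    password in B before it ever sees the client's proof.  The proof only
    tells it whether that single guess was right; with `a` unknown it cannot
    re-check other guesses offline afterwards."""
    m_client, m_server = srp_handshake(identity, password, salt,
                                       verifier(salt, identity, guess))
    return hmac.compare_digest(m_client, m_server)

if __name__ == "__main__":
    salt, ident, pw = b"constructed-salt", b"alice", b"hunter2"  # constructed
    print("legitimate SRP login:", legitimate_login_succeeds(ident, pw, salt))
    print("phisher's one guess 'letmein':",
          phisher_confirms_guess(ident, pw, salt, b"letmein"))
    ch = b"<1896.697170952@example.invalid>"  # constructed challenge
    r = cram_md5_response(pw, ch)
    print("CRAM-MD5 pair tested offline against two guesses:",
          [cram_md5_guess_matches(ch, r, w) for w in (b"letmein", b"hunter2")])
```

The contrast is in the two checking functions: `cram_md5_guess_matches` needs nothing beyond the captured pair and can be called for every word in a list, while `phisher_confirms_guess` has to run a fresh handshake (and so a fresh interaction with the user) for every guess, which is the property the reply calls zero-knowledge.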