OpenID homesite authorization spoofed
Josh Hoyt
josh at janrain.com
Mon Oct 23 21:17:32 UTC 2006
On 10/23/06, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:
> Now in the steps below, this is one of the options: DNS poisoning of the RP
> would have done the trick
This is indeed a known attack. Can you confirm that the attack you
originally described was against the relying party's name resolution?
> or sniffing of the shared secret of the real IDP would have been even easier, I guess...
The shared secret exchange, when it happens over plain HTTP, is done
with the Diffie-Hellman key exchange algorithm. This algorithm is not
vulnerable to sniffing.
Josh
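
The exchange Josh describes, as an added example that is not part of the original message or of any OpenID library: a Diffie-Hellman association in the style of OpenID 1.1 DH-SHA1, showing what a passive sniffer sees on the wire versus what each endpoint derives. The field names follow the OpenID 1.1 specification; the modulus and generator are toy values chosen for this sketch, not the specification's default parameters.

```python
import hashlib
import secrets

# Toy parameters (assumption for this sketch): a 127-bit Mersenne prime,
# far too small for real use and NOT the OpenID default modulus.
P = 2**127 - 1
G = 3


def btwoc(n: int) -> bytes:
    """Big-endian two's complement encoding of a non-negative integer."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2  # uniform in 2..P-2
    return priv, pow(G, priv, P)


def mask(shared: int) -> bytes:
    """SHA-1 of the shared DH value, used to hide the MAC key."""
    return hashlib.sha1(btwoc(shared)).digest()


def associate():
    """Run one association; return (wire fields, IdP key, RP-derived key)."""
    rp_priv, rp_pub = keypair()        # RP -> IdP: openid.dh_consumer_public
    idp_priv, idp_pub = keypair()      # IdP -> RP: dh_server_public
    mac_key = secrets.token_bytes(20)  # shared secret chosen by the IdP

    # IdP side: hide the MAC key under the hash of g^(xy) mod p.
    enc_mac_key = xor(mask(pow(rp_pub, idp_priv, P)), mac_key)

    # Everything a sniffer on the plain-HTTP link can observe.
    wire = {"dh_consumer_public": rp_pub,
            "dh_server_public": idp_pub,
            "enc_mac_key": enc_mac_key}

    # RP side: same shared value from its own private exponent.
    rp_mac_key = xor(mask(pow(idp_pub, rp_priv, P)), enc_mac_key)
    return wire, mac_key, rp_mac_key
```

Neither private exponent nor the MAC key appears in `wire`, which is why sniffing alone does not yield the secret. The exchange is unauthenticated, so it does nothing about the separate DNS-poisoning case raised earlier in the thread.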