[off list] Re[7]: [security] [dix] Re: Gathering requirements for in-browser OpenID support
Chris Drake
christopher at pobox.com
Tue Oct 31 11:59:45 UTC 2006
Hi Ben,
Did you get my original question? Can you explain how you
would deploy EKE in a browser to defeat MitM ?
Tuesday, October 31, 2006, 9:55:53 PM, you wrote:
BL> On 31/10/06, James A. Donald <jamesd at echeque.com> wrote:
>> Chris Drake wrote:
>> > For the benefit of me and others reading this thread, can you briefly
>> > explain how you would deploy EKE in a browser to defeat MitM ?
>>
>> To make this work, we need the browser chrome to handle the login rather
>> than the web page in the case of firefox a browser extension
>> requires an extension to current browser practices.
BL> Not necessarily chrome, though that would probably be best. It could
BL> be done in java or javascript (painfully, in the latter case), also.
Modern XSS security blocks foreign scripts (good or bad), so you are
limited to communicating the script from the web site to the user,
which runs into the "stupid user" problem again: and MitM proxy
attacks will again succeed here.
Kind Regards,
Chris Drake
Tuesday, October 31, 2006, 4:14:06 PM, I wrote:
CD> Hi Ben,
CD> For the benefit of me and others reading this thread, can you briefly
CD> explain how you would deploy EKE in a browser to defeat MitM ?
CD> Let's assume I set up a MitM site -
CD> https://www.paypal.com.phisher.com
CD> and I even bother to buy a $38 SSL cert for it. Next - I install a
CD> CGI script here which grabs the real PayPal site, adjusts references
CD> to paypal.com so they read "paypal.com.phisher.com" (eg: form POST
CD> targets), and send this to the phish victim. *.phisher.com is now the
CD> "Man in the Middle" between PayPal, and victim.
CD> I call this a "stupid user" problem, because the user has forgotten to
CD> check they're on the correct URL. Everything else (except windows
CD> password auto-complete) acts & looks legit.
CD> Now - Encrypted Key Exchange solves this problem by: [insert your
CD> explanation here] ?
CD> Kind Regards,
CD> Chris Drake
CD> Monday, October 30, 2006, 10:05:11 PM, you wrote:
BL>> On 28/10/06, Chris Drake <christopher at pobox.com> wrote:
>>> Hi Ben,
>>>
>>> Apart from that blog where the blogger didn't realize that all banks
>>> immediately suspend accounts that get logged in to from Russia,
>>> Eastern Europe, Asia, and more generally - anyplace other than
>>> "normal" - and as such - can't ever work - no - phishing attacks are
>>> not MitM. They're just bogus web sites that email captured
>>> credentials to hackers. Sure - some hackers might be able to capture
>>> some token credentials, but they can't *use* them - not from Russia,
>>> and not after the 30 seconds or so most token codes last for.
>>>
>>> Besides - and the most important thing really - there's no such thing
>>> that *I've* ever heard of that *can* be put into any protocol to
>>> prevent MitM attacks from succeeding. If user A doesn't check their
>>> URL says site B when user A thinks they're on site C - then site B can
>>> merely proxy anything site C puts up, stealing whatever they want in
>>> the process.
BL>> Clearly you need to update your crypto knowledge. There are many
BL>> protocols that prevent MitM - for example, EKE.
BL>> Yes, site B can always proxy, but it doesn't help site B if he is
BL>> proxying a conversation he can't understand, by virtue of it being
BL>> encrypted.
>>> MitM is not a protocol problem - it's a "stupid user" problem.
BL>> Wrong.
>>>
>>> Kind Regards,
>>> Chris Drake
>>>
>>>
>>> Sunday, October 29, 2006, 2:28:03 AM, you wrote:
>>>
>>> BL> On 28/10/06, Chris Drake <christopher at pobox.com> wrote:
>>> >> BL> 2 factor auth gets you nowhere if the underlying protocols don't
>>> >> BL> protect you from MitM.
>>> >>
>>> >> What he *means* of course - is that 2-Factor auth solves pretty much
>>> >> every security problem users are likely to face in the wild
>>> >> (especially the most common and dangerous - phishing) - with the
>>> >> *exception* of Man-in-the-middle attacks, in some circumstances.
>>>
>>> BL> ? But many phishing attacks are MitM.
>>>
>>> >> It certainly doesn't "get you nowhere" - it almost always gets you
>>> >> exactly to where you want to be.
>>>
>>> BL> We seem to be drifting far from the original point, which was that the
>>> BL> protocols should protect users against MitM. 2-factor auth doesn't do
>>> BL> this, of itself. And if the protocols do provide protection, then
>>> BL> 2-factor auth defends against a rather small subset of attacks.
>>>
>>> >>
>>> >> Kind Regards,
>>> >> Chris Drake
>>> >>
>>> >>
>>> >> _______________________________________________
>>> >> general mailing list
>>> >> general at openid.net
>>> >> http://openid.net/mailman/listinfo/general
>>> >>
>>>
>>>
>>>
>>>
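The disagreement in this thread is whether a password-authenticated key exchange (EKE is the classic one) can stop a relaying proxy from learning anything useful. The following is an added example, not code from any of the participants: it runs SRP-6a, a PAKE of the same family as EKE, so the property Ben describes can be checked directly. Both sides derive a session key from the password without the password or a password-equivalent ever crossing the wire, and a proxy that forwards every message unchanged sees only the salt, the two ephemeral public values and a key-confirmation hash, none of which yields the key without one side's ephemeral secret. The group parameters (a 127-bit prime, generator 3) and the hashing of parts are constructed for readability and are not secure; real deployments use large standardized groups.

```python
"""Toy SRP-6a exchange (added example, not from the thread).
Group parameters below are deliberately tiny and NOT secure."""
import hashlib
import secrets

# Constructed toy group: N is the Mersenne prime 2^127 - 1, g = 3.
N = (1 << 127) - 1
G = 3


def H(*parts):
    """Hash ints/str/bytes into one integer (length-prefixed, toy transcript hash)."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")


K_MULT = H(N, G)  # SRP-6a multiplier k = H(N, g)


def enroll(username, password):
    """Server-side enrollment: store (salt, verifier v = g^x), never the password."""
    salt = secrets.token_bytes(16)
    x = H(salt, H(f"{username}:{password}"))
    return salt, pow(G, x, N)


def srp_exchange(username, password, salt, verifier):
    """One SRP-6a run. `password` is what the client typed; `verifier` is
    what the server stored. Returns (client_key, server_key, transcript,
    server_accepts). `transcript` is everything a relaying proxy sees."""
    # Client: ephemeral secret a, public A = g^a
    a = secrets.randbelow(N - 2) + 1
    A = pow(G, a, N)
    # Server: ephemeral secret b, public B = k*v + g^b
    b = secrets.randbelow(N - 2) + 1
    B = (K_MULT * verifier + pow(G, b, N)) % N
    # Both sides: scrambling parameter u binds the two public values
    u = H(A, B)
    # Client side: recompute x from the typed password and the salt
    x = H(salt, H(f"{username}:{password}"))
    base = (B - K_MULT * pow(G, x, N)) % N      # equals g^b only if x matches v
    s_client = pow(base, a + u * x, N)
    # Server side: uses the stored verifier v, never x or the password
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    client_key = H(s_client)
    server_key = H(s_server)
    # Client proves it holds the key; server checks against its own derivation.
    m1 = H(A, B, client_key)
    server_accepts = m1 == H(A, B, server_key)
    # What the wire (and therefore a forwarding man-in-the-middle) carries:
    transcript = {"salt": salt, "A": A, "B": B, "M1": m1}
    return client_key, server_key, transcript, server_accepts


if __name__ == "__main__":
    salt, v = enroll("alice", "correct horse")          # constructed credentials
    ck, sk, wire, ok = srp_exchange("alice", "correct horse", salt, v)
    print("keys match:", ck == sk, "server accepts:", ok)
    ck, sk, wire, ok = srp_exchange("alice", "wrong guess", salt, v)
    print("keys match:", ck == sk, "server accepts:", ok)
    print("proxy sees only:", sorted(wire))
```

Running it shows the two cases side by side: with the right password the keys agree and the server accepts M1; with a wrong one both sides end up with different keys and the server rejects. The fields in `transcript` are what Chris's `paypal.com.phisher.com` relay would be able to copy; computing the key from them requires either `a` or `b`, which never leave their owners, so the relayed session is, in Ben's words, a conversation the proxy cannot understand. An active attacker impersonating the server still gets one password guess per run, which is why PAKEs are paired with rate limiting on failed attempts.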