[security] [off list] Re[7]: [dix] Re: Gathering requirements for in-browser OpenID support
Ben Laurie
benl at google.com
Tue Oct 31 12:06:18 UTC 2006
On 31/10/06, Chris Drake <christopher at pobox.com> wrote:
> Hi Ben,
>
> Did you get my original question? Can you explain how you
> would deploy EKE in a browser to defeat MitM ?
If you mean an unmodified existing browser with no plugins, then I'll
agree there's a problem deploying EKE.
This does not seem to me to be a good reason to not define a protocol
that is secure.
BTW, why does this say "off list"?
>
>
> Tuesday, October 31, 2006, 9:55:53 PM, you wrote:
>
> BL> On 31/10/06, James A. Donald <jamesd at echeque.com> wrote:
> >> Chris Drake wrote:
> >> > For the benefit of me and others reading this thread, can you briefly
> >> > explain how you would deploy EKE in a browser to defeat MitM ?
> >>
> >> To make this work, we need the browser chrome to handle the login rather
> >> than the web page (in the case of Firefox, a browser extension). This
> >> requires an extension to current browser practices.
>
> BL> Not necessarily chrome, though that would probably be best. It could
> BL> be done in java or javascript (painfully, in the latter case), also.
>
> Modern XSS security blocks foreign scripts (good or bad), so you are
> limited to communicating the script from the web site to the user,
> which runs into the "stupid user" problem again: and MitM proxy
> attacks will again succeed here.
>
> Kind Regards,
> Chris Drake
>
>
> Tuesday, October 31, 2006, 4:14:06 PM, I wrote:
>
> CD> Hi Ben,
>
> CD> For the benefit of me and others reading this thread, can you briefly
> CD> explain how you would deploy EKE in a browser to defeat MitM ?
>
> CD> Let's assume I set up a MitM site -
> CD> https://www.paypal.com.phisher.com
> CD> and I even bother to buy a $38 SSL cert for it. Next - I install a
> CD> CGI script here which grabs the real PayPal site, adjusts references
> CD> to paypal.com so they read "paypal.com.phisher.com" (e.g. form POST
> CD> targets), and sends this to the phish victim. *.phisher.com is now the
> CD> "Man in the Middle" between PayPal and victim.
>
> CD> I call this a "stupid user" problem, because the user has forgotten to
> CD> check they're on the correct URL. Everything else (except windows
> CD> password auto-complete) acts & looks legit.
>
> CD> Now - Encrypted Key Exchange solves this problem by: [insert your
> CD> explanation here] ?
>
> CD> Kind Regards,
> CD> Chris Drake
>
>
> CD> Monday, October 30, 2006, 10:05:11 PM, you wrote:
>
> BL>> On 28/10/06, Chris Drake <christopher at pobox.com> wrote:
> >>> Hi Ben,
> >>>
> >>> Apart from that blog where the blogger didn't realize that all banks
> >>> immediately suspend accounts that get logged in to from Russia,
> >>> Eastern Europe, Asia, and more generally - anyplace other than
> >>> "normal" - and as such - can't ever work - no - phishing attacks are
> >>> not MitM. They're just bogus web sites that email captured
> >>> credentials to hackers. Sure - some hackers might be able to capture
> >>> some token credentials, but they can't *use* them - not from Russia,
> >>> and not after the 30 seconds or so most token codes last for.
> >>>
> >>> Besides - and the most important thing really - there's no such thing
> >>> that *I've* ever heard of that *can* be put into any protocol to
> >>> prevent MitM attacks from succeeding. If user A doesn't check their
> >>> URL says site B when user A thinks they're on site C - then site B can
> >>> merely proxy anything site C puts up, stealing whatever they want in
> >>> the process.
>
> BL>> Clearly you need to update your crypto knowledge. There are many
> BL>> protocols that prevent MitM - for example, EKE.
>
> BL>> Yes, site B can always proxy, but it doesn't help site B if he is
> BL>> proxying a conversation he can't understand, by virtue of it being
> BL>> encrypted.
>
> >>> MitM is not a protocol problem - it's a "stupid user" problem.
>
> BL>> Wrong.
>
> >>>
> >>> Kind Regards,
> >>> Chris Drake
> >>>
> >>>
> >>> Sunday, October 29, 2006, 2:28:03 AM, you wrote:
> >>>
> >>> BL> On 28/10/06, Chris Drake <christopher at pobox.com> wrote:
> >>> >> BL> 2 factor auth gets you nowhere if the underlying protocols don't
> >>> >> BL> protect you from MitM.
> >>> >>
> >>> >> What he *means* of course - is that 2-Factor auth solves pretty much
> >>> >> every security problem users are likely to face in the wild
> >>> >> (especially the most common and dangerous - phishing) - with the
> >>> >> *exception* of Man-in-the-middle attacks, in some circumstances.
> >>>
> >>> BL> ? But many phishing attacks are MitM.
> >>>
> >>> >> It certainly doesn't "get you nowhere" - it almost always gets you
> >>> >> exactly to where you want to be.
> >>>
> >>> BL> We seem to be drifting far from the original point, which was that the
> >>> BL> protocols should protect users against MitM. 2-factor auth doesn't do
> >>> BL> this, of itself. And if the protocols do provide protection, then
> >>> BL> 2-factor auth defends against a rather small subset of attacks.
> >>>
> >>> >>
> >>> >> Kind Regards,
> >>> >> Chris Drake
> >>> >>
> >>> >>
> >>> >> _______________________________________________
> >>> >> general mailing list
> >>> >> general at openid.net
> >>> >> http://openid.net/mailman/listinfo/general
> >>> >>
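Ben's point that a phishing proxy can relay a password-authenticated exchange but can neither complete it nor understand it, as an added example that is not part of this thread: a toy SPEKE-style password-authenticated Diffie-Hellman in Python (EKE proper encrypts the DH values under the password; this variant derives the generator from it). The toy prime, the party/tag construction and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only: 2**521 - 1 is prime, but a real deployment
# would use a standardised safe prime of 2048 bits or more (assumption).
P = 2**521 - 1
NBYTES = 66  # enough bytes to hold any element of the group


def password_generator(password: str) -> int:
    """SPEKE-style step: the DH generator itself is derived from the password,
    so a party that does not know the password cannot take part in the exchange."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h, 2, P)  # squaring keeps us out of the order-2 subgroup


class Party:
    def __init__(self, password: str):
        self.x = secrets.randbelow(P - 2) + 1  # ephemeral private exponent
        self.public = pow(password_generator(password), self.x, P)

    def shared_key(self, peer_public: int) -> bytes:
        return pow(peer_public, self.x, P).to_bytes(NBYTES, "big")


def tag(key: bytes, role: bytes, transcript: bytes) -> bytes:
    """Key-confirmation MAC over one side's view of the exchange."""
    return hmac.new(key, role + transcript, hashlib.sha256).digest()


def run(client_pw, server_pw, mitm=None):
    """Return (client_accepts, server_accepts). A mitm Party plays the phishing
    proxy from the thread: it sits between the two and substitutes its own value."""
    client, server = Party(client_pw), Party(server_pw)
    seen_by_server = mitm.public if mitm else client.public
    seen_by_client = mitm.public if mitm else server.public
    k_c = client.shared_key(seen_by_client)
    k_s = server.shared_key(seen_by_server)
    # Each side confirms the key over the values it actually sent and received.
    t_c = client.public.to_bytes(NBYTES, "big") + seen_by_client.to_bytes(NBYTES, "big")
    t_s = seen_by_server.to_bytes(NBYTES, "big") + server.public.to_bytes(NBYTES, "big")
    server_accepts = hmac.compare_digest(tag(k_c, b"client", t_c), tag(k_s, b"client", t_s))
    client_accepts = hmac.compare_digest(tag(k_s, b"server", t_s), tag(k_c, b"server", t_c))
    return client_accepts, server_accepts
```

A phisher who does not know the password fails both as a fake server (second call) and as an active relay substituting its own values (third call); a proxy that only relays sees public values it cannot turn into the session key.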