Re: [dix] Agenda bashing

To: EKR <ekr at networkresonance.com>
Subject: Re: [dix] Agenda bashing
From: Eliot Lear <lear at cisco.com>
Date: Fri, 07 Jul 2006 04:36:39 +0200
Authentication-results: sj-dkim-2.cisco.com; header.From=lear@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc: Digital Identity Exchange <dix at ietf.org>
Dkim-signature: a=rsa-sha1; q=dns; l=2530; t=1152239801; x=1153103801; c=relaxed/simple; s=sjdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:Eliot=20Lear=20<lear@cisco.com> |Subject:Re=3A=20[dix]=20Agenda=20bashing; X=v=3Dcisco.com=3B=20h=3D6inNqoEUmFyA1l2ZAW91r5N7nQI=3D; b=rnztWWstA5sRaElHbkswSEHy16h7S4S1mMM5pejZinMRjEmPxWn2rWVfkti4OBKcASpSsNF/ 7FdkAyZFB6Wfd/sLX3BPOjx+i9456xcTQPKracJMe67tZAiskhpdWp4q;
In-reply-to: <864pxuhkx4.fsf@raman.networkresonance.com>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <20060703172550.A182A222425@laser.networkresonance.com> <44A973DC.9040801@cisco.com> <86zmfqa0au.fsf@raman.networkresonance.com> <8C86E9E37E4BD3C-1288-2A5B@FWM-D05.sysops.aol.com> <44ACA9CF.7090605@cisco.com> <86fyhej3hg.fsf@raman.networkresonance.com> <44AD1A86.1050300@cisco.com> <864pxuhkx4.fsf@raman.networkresonance.com>
Reply-to: Digital Identity Exchange <dix at ietf.org>
User-agent: Thunderbird 1.5.0.4 (Macintosh/20060530)

Eric Rescorla wrote:
> Eliot Lear <lear at cisco.com> writes:
>
>   
>> Eric Rescorla wrote:
>>     
>>> Well, you could clearly use PwdHash this way. In fact, that's how
>>> your industry standard challenge-response token works. But it doesn't
>>> really help because you don't have HRA against an attacker who
>>> controls the victim's computer. So, they don't capture your
>>> authentication string but they capture the immediately following
>>> session.
>>>   
>>>       
>> PwdHash as an algorithm doesn't protect you from a host computer
>> compromise.  For that you need architectural separation, which is why
>> smart cards etc exist. 
>>     
>
> Yes, Eliot, I'm really quite familiar with the principle of 
> two-factor authentication. My point was that the algorithm
> that PwdHash employs is basically the same one that your 
> average challenge response token uses. It's purely a matter
> of location.
>   

That the password is at all related to the hash result at all is an
(IMHO) unnecessary risk that would in our scenarios impact more than a
single service.  There exists methods where this is NOT the case.

>
>   
>> It remains up to the end server as to what
>> transactions might require additional authentication.  So for instance,
>> a bank may choose to authenticate on new payees for online billing or
>> for particularly large transactions.  Or not.
>>     
>
> The problem is that this only sort-of protects you against host
> computer compromise because the token that the user authenticates with
> generally isn't cryptographically bound to the request the user
> is making. This allows the crimeware to claim it's requesting
> you to use your token for innocuous purpose X (e.g, routine
> security check) but to actually be using it for malicious purpose
> Y. So, it's a liveness check, but not a misuse check. See also
> [BF99].
>   
Indeed if you don't trust your browser to function properly you are left
with tradeoffs.  As we've seen even in the mobile world, a browser can
get hacked.  But there are approaches to further reduce the risk, like
describing the transaction on a display of the card.  And Eric, keep in
mind one obvious application for all of this: if I want to put an end to
bots at my company, I may want to periodically demand strong
authentication from the PCs for various functions.  Let's see the
malware that is both a useful bot and attempts to fool me into thinking
I'm not sending that email I mean to send.

Eliot

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

Follow-Ups:
- Re: [dix] Agenda bashing
  - From: Eric Rescorla

References:
- Re: [dix] Agenda bashing
  - From: Eric Rescorla
- Re: [dix] Agenda bashing
  - From: Eliot Lear
- Re: [dix] Agenda bashing
  - From: Eric Rescorla
- Re: [dix] Agenda bashing
  - From: thayes0993
- Re: [dix] Agenda bashing
  - From: Eliot Lear
- Re: [dix] Agenda bashing
  - From: Eric Rescorla
- Re: [dix] Agenda bashing
  - From: Eliot Lear
- Re: [dix] Agenda bashing
  - From: Eric Rescorla

Prev by Date: Re: [Ietf-http-auth] Re: [dix] Notes on Web authentication enhancements
Next by Date: Re: [dix] John not attending IETF 66
Previous by thread: Re: [dix] Agenda bashing
Next by thread: Re: [dix] Agenda bashing
Index(es):
- Date
- Thread

Re: [dix] Agenda bashing

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.