In a message written on Thu, Jun 21, 2012 at 08:02:58AM +0900, Randy Bush wrote:
what is the real difference between my holding the private half of an asymmetric key and my holding a good passphrase for some site? that the passphrase is symmetric?
The fact that it is symmetric leads to the problem. The big drawback is that today you have to provide the secret to the web site to verify it. It doesn't matter if the secret is transferred in the clear (e.g. http) or encrypted (e.g. https), they have it in their RAM, or on their disk, and so on.

Today we _trust_ sites to get rid of that secret as fast as possible, by doing things like storing a one way hash and then zeroing the memory. But what we see time and time again is sites are lazy. The secret is stored in the clear. The secret is hashed, but with a bad hash and no salt. Even if they are "good guys" and use SHA-256 with a nice salt, if a hacker hacks into their server they can intercept the secret during processing.

With a cryptographic solution the web site would say something like:

"Hi, it's 8:59PM, transaction ID 1234, cookie ABCD, I am foo.com, who are you."

Your computer would (unknown to you) use foo.com to figure out that bicknell@foo.com (or superman@foo.com) was your login, do some math, and sign a response with your private key that says:

"Hi, I'm bicknell@foo.com, I agree it's 8:59 PM, transaction 1234, cookie ABCD."

Even if the attacker had fully compromised the server end they get nothing. There's no replay attack. No shared secret they can use to log into another web site. Zero value.
s/onto web sites/this web site/ let's not make cross-site tracking any easier than it is today.
Yep.

Don't get me wrong, there's an RFC or two here, a few pages of code in web servers and browsers. I am not asserting this is a trivial change that could be made by one guy in a few minutes. However, I am suggesting this is an easy change that could be implemented in weeks not months.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
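
An added example, not part of the original message: the challenge/response exchange described above, with both the server and client sides, so that the server holds only a public key and a captured response cannot be reused. It assumes Ed25519 via Node.js's built-in `crypto` module; the function names and the JSON transcript layout are hypothetical, not from any RFC or existing browser API.

```javascript
// Added illustration. Function names and the JSON transcript format are assumptions.
const crypto = require('node:crypto');

// Enrollment: the site stores only the PUBLIC key for each login.
// A separate key pair per site keeps the key from becoming a cross-site identifier.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const enrolled = new Map([['bicknell@foo.com', publicKey]]);
const outstanding = new Set(); // transaction IDs issued but not yet answered

// Server: "it's <time>, transaction <txn>, cookie <cookie>, I am <site>, who are you?"
function makeChallenge(site, now = Date.now()) {
  const rand = () => crypto.randomBytes(16).toString('hex');
  const c = { site, time: now, txn: rand(), cookie: rand() };
  outstanding.add(c.txn);
  return c;
}

// Bytes both sides sign and verify. A JSON array in fixed order avoids
// delimiter ambiguity; the version tag keeps the key from signing other message types.
function transcript(login, c) {
  return Buffer.from(JSON.stringify(['login-v1', login, c.site, c.time, c.txn, c.cookie]));
}

// Client: signs only if the challenge names the site it is actually connected to,
// so a response made for one site is useless at another.
function signResponse(login, key, c, connectedSite) {
  if (c.site !== connectedSite) throw new Error('challenge names a different site');
  return { login, sig: crypto.sign(null, transcript(login, c), key) };
}

// Server: check enrollment, site, freshness and signature, then burn the transaction.
function verifyResponse(resp, c, site, now = Date.now(), maxAgeMs = 60000) {
  const pub = enrolled.get(resp.login);
  if (!pub || c.site !== site) return false;
  if (now < c.time || now - c.time > maxAgeMs) return false;
  if (!crypto.verify(null, transcript(resp.login, c), pub, resp.sig)) return false;
  return outstanding.delete(c.txn); // false if this transaction was already used
}

// Constructed demo: first use is accepted, replaying the same response is rejected.
const demo = makeChallenge('foo.com');
const demoResp = signResponse('bicknell@foo.com', privateKey, demo, 'foo.com');
console.log(verifyResponse(demoResp, demo, 'foo.com'), verifyResponse(demoResp, demo, 'foo.com'));
```
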