shared secret alternative to DSA
Nathan D. Bowen
nbowen+yadis at andtonic.com
Sat Jun 4 13:20:38 PDT 2005
Paul Crowley wrote:
> This is a great model of the attacker.
> This is the right kind of thinking, but the trouble with this example
> is that it's much easier for him to just sniff her cookie once she's
> logged in, isn't it?
Yep, but a single compromised cookie is a single compromised user; a
single compromised secret key is many compromised users, because the
whole server-client relationship is compromised. So this is that
situation where one target is easier, but the slightly harder target is
much more valuable/attractive.
You're correct that any consumer more complicated than a
post-to-my-guestbook application will need session state and will
probably identify that state with a cookie after you log in. And, yes,
the ISP (or college IT staff, or whatever) can sniff that.
Let's say that if anyone cares so much about privacy they should get SSL
So let's say I run an OpenID consumer site, and I do get SSL hosting.
Now I am much more confident that my ISP isn't passively sniffing my
session cookies or content.
But if secret keys are sent in the clear, I cannot be confident that no
one is sniffing those. OpenID secret keys just became my weakest link,
and there's nothing I can do, even with money, to improve my security.
All I can do is try to persuade all of the OpenID servers in the world
to get SSL hosting -- or damage my interoperability by refusing users
from non-SSL OpenID servers.
> And why does forging IP headers make him feel like a cracker, but
> forging OpenID authentication tokens feels OK?
If he asked me, I'd recommend that he use the OpenID auth forging, his
feelings aside. He's more likely to get caught actively forging IP
headers at work than to get caught forging OpenID tokens after work from
the cafe down the street.
> As I say, though, I'm not stuck on this - I am a bit worried about
> whether this is best for the simplest clients, and if I can't bring
> people round, I'll drop it and move on to working out how to do DSA
How broken is our current use of DSA? I guess I've talked the
shared-secret stuff to death without really knowing what we're up
against if we skip it and keep DSA; I'm interested to hear about that.
More information about the yadis