Re: [dix] Agenda bashing

Eliot Lear <lear@cisco.com> writes:

> thayes0993@aol.com wrote:
>> I believe that PwdHash does rely on a certain level of proof of the
>> server's identity.  The browser needs to decide that
>> the domain name that the server is presenting actually belongs to it. 
>> This is usually done by relying on SSL/TLS.
>> If the false server can convince the browser that it is in fact the
>> targeted domain, then the browser will happily
>> transmit the full credential (H(password, domain)) to the server.
>>
>> PwdHash does NOT require that the proved domain match anything the
>> user has in mind.  That is, the identity
>> does not need to be presented to the user, or compared against
>> anything the user is doing. This seems to be the
>> primary problem in phishing attacks (the last foot).  That's where the
>> real advantage of techniques like PwdHash are.
>
> Pretty neat.  There are two problems that still really need to be
> addressed.  The first is that you need to manage a transition.  It must
> be clearly visible to the user when PwdHash is used and when it is not. 
> Otherwise someone just phishes the original password and that's the ball
> game.

Of course. Hence all my ranting about how this is a UI problem.

> Second, PwdHash still relies on the underlying security of the user's
> computer.  I don't know about you but that is a goal I would like to
> address.  I want a means to have a secure opaque channel of
> communication between the server and the smart card.  That's what I'm
> looking for from the IETF.

Well, you could clearly use PwdHash this way. In fact, that's how
your industry standard challenge-response token works. But it doesn't
really help because you don't have HRA against an attacker who
controls the victim's computer. So, they don't capture your
authentication string but they capture the immediately following
session.

-Ekr

_______________________________________________
dix mailing list
dix@ietf.org
https://www1.ietf.org/mailman/listinfo/dix