Re: [dix] Agenda bashing
Eric Rescorla <ekr@networkresonance.com> Thu, 06 July 2006 14:23 UTC
To: Eliot Lear <lear@cisco.com>
Subject: Re: [dix] Agenda bashing
References: <20060703172550.A182A222425@laser.networkresonance.com> <44A973DC.9040801@cisco.com> <86zmfqa0au.fsf@raman.networkresonance.com> <8C86E9E37E4BD3C-1288-2A5B@FWM-D05.sysops.aol.com> <44ACA9CF.7090605@cisco.com> <86fyhej3hg.fsf@raman.networkresonance.com> <44AD1A86.1050300@cisco.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Thu, 06 Jul 2006 07:23:19 -0700
In-Reply-To: <44AD1A86.1050300@cisco.com> (Eliot Lear's message of "Thu, 06 Jul 2006 16:13:26 +0200")
Message-ID: <864pxuhkx4.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Digital Identity Exchange <dix@ietf.org>
Reply-To: EKR <ekr@networkresonance.com>, Digital Identity Exchange <dix@ietf.org>
Eliot Lear <lear@cisco.com> writes:
> Eric Rescorla wrote:
>> Well, you could clearly use PwdHash this way. In fact, that's how
>> your industry standard challenge-response token works. But it doesn't
>> really help because you don't have HRA against an attacker who
>> controls the victim's computer. So, they don't capture your
>> authentication string but they capture the immediately following
>> session.
>>
>
> PwdHash as an algorithm doesn't protect you from a host computer
> compromise. For that you need architectural separation, which is why
> smart cards etc exist.

Yes, Eliot, I'm really quite familiar with the principle of two-factor
authentication. My point was that the algorithm that PwdHash employs
is basically the same one that your average challenge-response token
uses. It's purely a matter of location.

> It remains up to the end server as to what
> transactions might require additional authentication. So for instance,
> a bank may choose to authenticate on new payees for online billing or
> for particularly large transactions. Or not.

The problem is that this only sort-of protects you against host
computer compromise because the token that the user authenticates with
generally isn't cryptographically bound to the request the user is
making. This allows the crimeware to claim it's requesting you to use
your token for innocuous purpose X (e.g., routine security check) but
to actually be using it for malicious purpose Y. So, it's a liveness
check, but not a misuse check.

See also [BF99].

-Ekr

[BF99] "Hand-Held Computers Can Be Better Smart Cards." Dirk Balfanz
and Edward Felten. Proceedings of USENIX Security '99. Washington, DC.
August 1999.
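The liveness-versus-misuse distinction in the reply above, as an added example that is not part of the thread: a simulated challenge-response token whose MAC covers only the server's nonce, beside one whose MAC also covers the payee and amount the user approved on the separate device. All names, amounts and the shared secret are constructed; a host that swaps the transaction after the user has authenticated is accepted by the first verifier and rejected by the second.

```python
import hashlib
import hmac
import os

# Constructed shared secret between the token and the bank's server.
SECRET = b"constructed-token-seed-do-not-reuse"


def liveness_only_response(secret: bytes, challenge: bytes) -> str:
    """Classic token: proves possession of the secret for this challenge only."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


def transaction_bound_response(secret: bytes, challenge: bytes,
                               payee: str, amount: int) -> str:
    """Token that also signs what the user saw and approved on the device."""
    msg = b"|".join([challenge, payee.encode(), str(amount).encode()])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_liveness_only(secret, challenge, response, payee, amount) -> bool:
    # Server checks the nonce only; payee/amount never enter the MAC,
    # so any transaction submitted alongside a valid response is accepted.
    expected = liveness_only_response(secret, challenge)
    return hmac.compare_digest(expected, response)


def verify_transaction_bound(secret, challenge, response, payee, amount) -> bool:
    # Server recomputes the MAC over the transaction it actually received.
    expected = transaction_bound_response(secret, challenge, payee, amount)
    return hmac.compare_digest(expected, response)


def simulate_substitution(bound: bool) -> bool:
    """User approves one payment; a compromised host submits a different one.
    Returns True when the server accepts the substituted transaction."""
    challenge = os.urandom(16)
    approved = ("alice", 100)        # what the user saw and authorised
    submitted = ("mallory", 5000)    # what the compromised host sends
    if bound:
        resp = transaction_bound_response(SECRET, challenge, *approved)
        return verify_transaction_bound(SECRET, challenge, resp, *submitted)
    resp = liveness_only_response(SECRET, challenge)
    return verify_liveness_only(SECRET, challenge, resp, *submitted)


def simulate_honest(bound: bool) -> bool:
    """Same flow with no substitution; both designs must accept this."""
    challenge = os.urandom(16)
    if bound:
        resp = transaction_bound_response(SECRET, challenge, "alice", 100)
        return verify_transaction_bound(SECRET, challenge, resp, "alice", 100)
    resp = liveness_only_response(SECRET, challenge)
    return verify_liveness_only(SECRET, challenge, resp, "alice", 100)
```

The binding only helps when the payee and amount are displayed and confirmed on the token itself, not typed into the possibly compromised host; that is the architectural separation the thread refers to.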