encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

David Wagner daw at cs.berkeley.edu
Wed Jun 8 20:27:16 EDT 2005


Ben Laurie writes:
>Why is it bad for the page to be downloaded clear? What matters is the 
>destination is encrypted, surely?

Because the page you downloaded in the clear contains the https: URL
in the post method.  How do you know that this is the right URL?  If
you got the page in the clear, you don't.  An attacker who can provide
a spoofed page (by DNS cache poisoning, "pharming", MITM attacks, or
any other method) could substitute a post URL that sends your sensitive
data to hackers-r-us.com.

That said, I don't see how adding an extra login page to click on helps.
If the front page is unencrypted, then a spoofed version of that page
can send you to the wrong place.  Sure, if users were to check SSL
certificates extremely carefully, they might be able to detect the funny
business -- but we know that users don't do this in practice.

Dan Bernstein has been warning of this risk for many years.
http://cr.yp.to/djbdns/bugtraq/19991114052453-12962-qmail@cr-yp-to
http://cr.yp.to/dnscache/bugtraq/19991115014346-20612-qmail@cr-yp-to

As far as I can tell, if the front page is unencrypted, and if the
attacker can mount DNS cache poisoning, "pharming", or other web spoofing
attacks -- then you're hosed.  Did I get something wrong?
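The check the post implies, written out as an added example (not code from the post or from any project): the scheme of a form's action URL is only meaningful if the page carrying that form was itself fetched over https. The helper names, the constructed sample page and the host bank.example are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormScanner(HTMLParser):
    """Collect each <form>'s action attribute and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_login_page(page_url, html):
    """Classify each credential form on a page that was fetched from page_url.
    Safe only when BOTH the page and the resolved action URL are https: an https
    action inside a cleartext page proves nothing, because whoever spoofed the
    page could have rewritten the action too (the point of the post above)."""
    scanner = _FormScanner()
    scanner.feed(html)
    page_scheme = urlsplit(page_url).scheme
    findings = []
    for form in scanner.forms:
        if not form["has_password"]:
            continue  # not a credential form
        action = urljoin(page_url, form["action"])  # resolve relative actions
        if page_scheme != "https":
            findings.append(("untrusted-page", action))
        elif urlsplit(action).scheme != "https":
            findings.append(("cleartext-submit", action))
        else:
            findings.append(("ok", action))
    return findings

# Constructed sample (hypothetical host): a login page delivered over plain http
# whose form posts to https, the layout discussed in the post.
SAMPLE_HTML = """<form method="post" action="https://bank.example/login">
  <input name="user"><input type="password" name="pw">
</form>"""

if __name__ == "__main__":
    print(audit_login_page("http://bank.example/", SAMPLE_HTML))
```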
