[Cryptography] Toxic Combination

Fedor Brunner fedor.brunner at azet.sk
Tue Dec 2 08:46:28 EST 2014

On 30.11.2014 23:58, Alfie John wrote:
> On Mon, Dec 1, 2014, at 08:55 AM, Guido Witmond wrote:
>> I'm starting to consider the combination of current best practice with
>> server certificates and password to be a Toxic Combination.
>> The general issue is twofold:
>>     People need to validate the authenticity of a site before typing in
>> their password;
>>     The password gets transmitted to the other party.
> And this is taken advantage of every day by phishing attacks. However
> although your solution of setting up DNSSEC and DANE is the _correct_
> solution, it's just too complex and hard to get right for a lot of
> system admins so it's not going to get uptake - just look at how PGP is
> also the _correct solution_ for encrypting messages and yet has not had
> the uptake since 1991!
> I think a better solution would be something like implementing Digest
> Authentication (RFC 2069, but replacing MD5 with something like AES-256
> and allow it to be upgradable) in the browser. The password field value
> would then be replaced with the value from the DA call and no secrets
> would be leaked. This solution would get way faster adoption.
> Alfie

For example XMPP protocol supports password authentification using
"Salted Challenge Response Authentication Mechanism" (SCRAM)

RFC 5802

This is authentication using salted PBKDF2 calculated with iterated

SCRAM supports also channel binding to external secure channels, such as
TLS. This allows for detection of MITM using a valid SSL certificate.
(RFC 5056)

>> Most people assume that if it looks like their bank and the address bar
>> is green then it should be safe. Regrettably, it’s not. Criminals obtain
>> valid certificates using stolen creditcards and passports. The true
>> method for authenticating a site requires verification of server
>> certificate fingerprints. And if you don’t know what that means, you
>> have to spot the spelling errors, the differences in layout and other
>> mistakes to detect the scammers. Good luck!
>> The second part is just as problematic: The password must remain secret,
>> yet it must be transmitted to the other side to log in.
>> This is the Toxic Combination. One failure to detect a scammer’s site
>> and the password is compromised. The scammers can do everything that you
>> can do with the password.
>> [promo]
>> For more information, please see:
>> http://eccentric-authentication.org/blog/2014/11/30/spot-the-differences.html
>> http://eccentric-authentication.org/Usable-Security.pdf
>> [/promo]

More information about the cryptography mailing list