[Cryptography] Toxic Combination

[Peter Gutmann]

Ben Laurie <benl at google.com> writes:

>I think that's a completely unfair accusation - the difficulty has always
>been the lack of a _usable_ way to _securely_ implement such protocols.

You forgot the rest of the list that gets trotted out:

It won't scale, there's no user demand, there's insufficient industry support, 
I ran out of gas, I had a flat tire, I didn't have enough money for cab fare, 
my tux didn't come back from the cleaners, an old friend came in from out of 
town, someone stole my car, there was an earthquake, a terrible flood, 
locusts!

There have been endless studies done and papers published on how to do
perfectly usable shared secret-based authentication.  Heck, I devote
significant chunks of my book (draft) to them, I'd be surprised if there were
less than a hundred references to published work on how to do it.

>And it has to be secure - which includes "not allow credential theft _even by
>the site operator_".

Oh, that's a new one: Set a requirement that can't possibly be met (except
perhaps through the use of magic) and then claim you can't meet that
requirement, therefore it's not worth doing.

Looking past all the excuses, there is one, and only one, reason why no
browser supports proper shared secret-based mutual auth: The browser vendors
don't want to do it.  Meanwhile they're busy implementing more mission-
critical stuff like live in-browser video chat via WebRTC, because that's
functionality that everyone has been crying out for for a web browser.

Peter.