[Cryptography] Toxic Combination

Ben Laurie benl at google.com
Thu Dec 4 06:28:58 EST 2014

On Thu Dec 04 2014 at 7:22:16 AM Peter Gutmann <pgut001 at cs.auckland.ac.nz>

> Ben Laurie <benl at google.com> writes:
> >I think that's a completely unfair accusation - the difficulty has always
> >been the lack of a _usable_ way to _securely_ implement such protocols.
> You forgot the rest of the list that gets trotted out:
> It won't scale, there's no user demand, there's insufficient industry support,
> I ran out of gas, I had a flat tire, I didn't have enough money for cab fare,
> my tux didn't come back from the cleaners, an old friend came in from out of
> town, someone stole my car, there was an earthquake, a terrible flood, locusts!
> There have been endless studies done and papers published on how to do
> perfectly usable shared secret-based authentication.

Oh really? Please provide references. Actually, I don't have time to be
drowned in a million crap papers, so please, for now at least, provide a
reference for the best solution you are aware of (or two or three if
choosing is hard).

>   Heck, I devote significant chunks of my book (draft) to them, I'd be
> surprised if there were less than a hundred references to published work on
> how to do it.

There are many papers on how to do it badly. I have yet to see one (backed
by actual testing, I am not interested in usability by assertion) that's
actually deployable.

> >And it has to be secure - which includes "not allow credential theft _even by
> >the site operator_".
> Oh, that's a new one: Set a requirement that can't possibly be met (except
> perhaps through the use of magic) and then claim you can't meet that
> requirement, therefore it's not worth doing.

I did muse about that one for a while, and surely it's the point of using
zero knowledge protocols? If it is not, then what is?

But if you really think it's impossible, I'm certainly prepared to drop it
as a requirement.

> Looking past all the excuses, there is one, and only one, reason why no
> browser supports proper shared secret-based mutual auth: The browser vendors
> don't want to do it.

And you claim that they don't want to because they're all in a secret cartel to
keep CAs in business? Really?

>   Meanwhile they're busy implementing more mission-critical stuff like live
> in-browser video chat via WebRTC, because that's functionality that everyone
> has been crying out for for a web browser.
> Peter.