[Cryptography] So please tell me. Why is my solution wrong?

Natanael natanael.l at gmail.com
Tue Feb 7 20:23:00 EST 2017


On 7 Feb 2017 20:18, "Joseph Kilcullen" <kilcullenj at gmail.com> wrote:

This is a link to my original post back in June 2016. You people never told
me why my solution is wrong.

So please tell me. Why is my solution wrong?

Here's a link to the latest version of the paper:
https://arxiv.org/abs/1511.03894


(edited to not top post this time)

What's with the attitude?

Trusted interfaces is an old idea. You have at least that idea right.

Qubes OS is a recent example of using trusted interfaces;
https://www.qubes-os.org/screenshots/

Browser based controls have been proposed previously. Problem is that that
isn't enough by itself if such interfaces aren't used everywhere and if the
users are careless. You need users to be educated on how it works,
and proactive.

Also, it would work better if it used trusted inputs mixed with phishing
proof authentication protocols like FIDO's U2F / UAF that binds the
authentication response to the TLS session, blocking replay attacks and
MITM. This way the user secret isn't useful anywhere outside his own
browser.

Consider a process such as having the browser always tell you "on this
site, press the interception safe keyboard button X to open the login
prompt", and using something like a YubiKey that requires you to press its
button to perform the challenge-response protocol, and then to ask the user
to enter his PIN / password to prove it is him at the computer.

This may be combined with a unique and secret color scheme per user to
further reduce the risk of forgery in the case of targeted attacks.

The user would be conditioned that the website can't open a safe login
prompt by itself and that only the browser provides the prompt, and that he
shouldn't share his secrets (password, PIN) outside it. It is also simpler.

The more similar the correct process is every time, the more likely it is
that the flaws of an attempt at phishing will alert the user that something
is wrong.

Meanwhile a fake website cannot in any way use your credentials in any
manner without stealing them directly, which would require hacking your
browser to directly forge the 2FA request. Otherwise, compromise requires
stealing your hardware token and also figuring out your password or PIN.

Just getting your memorized credentials (PIN) alone gets them nowhere if
they can't also get the accompanied 2FA secrets / hardware.

In your scheme (if I read it right), a user just has to be forgetful once
and it fails. Sending plain passwords is a dated solution that should be
deprecated.
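
The origin and TLS-session binding described in the message above, as an added example that is not part of the original post: a relying party checks that the signed response names its own origin, its own fresh challenge and the TLS session it arrived on. All class, function and site names are hypothetical, the session ids are constructed, and HMAC stands in for the token's per-site ECDSA key pair so the sketch runs on the standard library alone.

```python
import hashlib, hmac, json, os

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Token:
    """Simulated hardware token; HMAC stands in for the per-site ECDSA key pair."""
    def __init__(self):
        self._master = os.urandom(32)
    def site_key(self, origin):           # a different key for every origin
        return mac(self._master, origin.encode())
    def sign(self, origin, client_data, button_pressed):
        if not button_pressed:            # user-presence check (the button)
            raise PermissionError("button not pressed")
        return mac(self.site_key(origin), client_data)

def browser_respond(token, origin, challenge, tls_id, button_pressed=True):
    # The browser, not the page, records the origin and TLS session it really sees.
    client_data = json.dumps({"challenge": challenge.hex(), "origin": origin,
                              "tls": tls_id.hex()}, sort_keys=True).encode()
    return client_data, token.sign(origin, client_data, button_pressed)

class RelyingParty:
    def __init__(self, origin, registered_key):
        self.origin, self.key, self.pending = origin, registered_key, None
    def new_challenge(self):
        self.pending = os.urandom(16)
        return self.pending
    def verify(self, client_data, sig, tls_id):
        challenge, self.pending = self.pending, None    # challenges are single-use
        data = json.loads(client_data)
        if challenge is None or data["challenge"] != challenge.hex():
            return "stale or unknown challenge"
        if data["origin"] != self.origin:
            return "origin mismatch"
        if data["tls"] != tls_id.hex():
            return "TLS session mismatch"
        return "ok" if hmac.compare_digest(mac(self.key, client_data), sig) else "bad signature"

def demo():
    token, site, fake = Token(), "https://bank.example", "https://bank-login.example"
    rp = RelyingParty(site, token.site_key(site))         # registration step
    user_tls, phisher_tls = os.urandom(8), os.urandom(8)  # constructed session ids
    good = browser_respond(token, site, rp.new_challenge(), user_tls)
    results = {"legit": rp.verify(*good, user_tls),
               "replay": rp.verify(*good, user_tls)}
    # A look-alike site relays the real challenge; the browser signs for the fake origin.
    relayed = browser_respond(token, fake, rp.new_challenge(), os.urandom(8))
    results["phish"] = rp.verify(*relayed, phisher_tls)
    return results
```

`demo()` returns the verdict for a genuine login, a replay of that same response, and a response relayed through a look-alike origin.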