I dont think your inference is necessarily correct. With reference to the
Berson report, consider the skype RSA keypair was for authentication only
(authenticating ephemeral key-exchange as described in the paper). The
public RSA key is certified by skype as belonging to your identity. They
would be able to do an email password reset with your client generating a
new keypair and skype recertifying it, using your knowledge of the new
password hash and ability to receive email at the registered address as
authorization.
Of course typing the password on the website (as it is now) would have some
"trust-us" limitations if it is not hashing the password in jscript. I see
there is jscript and the password reset will tell you need to enable
jscript, but I didnt actually see any evidence of pbkdf2/sha/md5 etc in that
code, however it has been minified and the browser itself does support some
kinds of password hashing, so thats not definitive. Even if it doesnt do
password hashing client side they may claim that it doesnt record the
password server side, just hash and store. But also and my point: its hard
to say at this point how password reset worked at the time the report was
written (2005).
Also it can be a defense that if its a choice between losing a user, who
prefers convenience over security, to offer a web based password reset is
optional. A user who cares can use a strong password entered only in the
client, and back it up.
Adam
On Wed, May 22, 2013 at 07:28:30PM +0200, Florian Weimer wrote:
* Adam Back:
If you want to claim otherwise we're gonna need some evidence.
<https://login.skype.com/account/password-reset-request>
This is impossible to implement with any real end-to-end security.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
