Yup, that's right: All PKI authentication is only as good as the passwords protecting private keys where such passwords exist, and the complementary endpoint security controls.
The server is 'authenticated' by the site admin installing a cert and entering a password. After that the machine is a device with 'power of attorney-like' privileges about the site's authentication. If the site admin account is compromised, so is the site authentication offered by the site SSL cert.

If the user has a client cert, it is used when the client validates the user's password. No password on the client cert = no user auth, merely authentication of a public/private key pair that might be under the user's control. Thus the server sees a crypto outcome controlled solely by strength of the user's password - nothing more (assuming an otherwise secure client).

If the user has a password but no cert, then authentication occurs at the server accepting the user's password.

Local attacks at the client end include the range of local account hacks, and any backdoor/trojan/keysniffing malware that allows an attacker remote access to the user's password and/or private key.

Lyal

-----Original Message-----
From: Tim [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 14 March 2006 10:02 AM
To: Lyal Collins
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] HTTP AUTH BASIC monowall.

> Although something else may have been intended by using the phrase
> "password-authenticated key agreement", let's not forget that's all PKI
> is - key agreement based on verifying a password. At the server end,
> the site admin's password is verified e.g. for SSL servers. At the
> client, if you're lucky, the user chose a hard to crack password.

Hmm... Your terminology is sounding a bit off. Passwords are symmetric keys. PKI stands for Public Key Infrastructure. I think what you mean here is that the server's public key (contained in the certificate) is verified based on a provided signature/challenge generated by the server's private key, and by signatures of "trusted" certificate authorities, along with a whole host of other things.
Sure the site admins may protect their private key with a password, but even if they don't, it has nothing to do with the PKI. As for the client side, they usually use passwords, but they may also use client-side certificates in SSL with no password at all.

> That, and the access controls on each endpoint is all that
> authenticates any PKI-based schema.

True, if you are worried about local attackers at the endpoint. These access controls are usually permissions in conjunction with a symmetric key (password).

tim