Tony Arcieri wrote, On 01/24/2015 12:01 AM:
On Fri, Jan 23, 2015 at 1:57 AM, U.Mutlu <[email protected]> wrote:
Back to the roots: hashed pw over MITM-safe sessions (SRP, SPEKE etc, ie.
PAKE).
These aren't MITM safe. They're TOFU. They have no way to authenticate the
server.
They are MITM safe. Basically one needs just DH + Key Authentication,
for example H(DHkey,H(p)), whereby on server only H(p) is known and stored.
This authenticates not only the client to the server, but implicitly
also the server to the client, under the condition that the userDB
on the server is secured against theft. And in my draft solution this
is assured. Then we can forget about PKI wholly.
When you enroll a PAKE account, if you're talking to a MITM server, you're
toast. The MITM can then enroll with the real service on your behalf and
transparently proxy everything through, except the MITM will have the real
credentials, and your credentials will only work with the MITM.
Also: passwords suck and need to go away.
Nope, exactly the opposite is true: one must use PAKE instead of PKI.
Nothing can be secure if intermediary parties are involved, as is the case
with PKI.
cu
Uenal
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
