Mitchell Stoltz wrote:
>
> Bagus Mahawan wrote:
>
> > And one last question,
> > Is it possible for an attacker to read key3.db and cert7.db ? I would be
> > happy if there is any docs explaining the format of those *.db files (to see
> > if they can be read easily by an attacker or not).
>
> If an attacker can read files on a user's drive, then we have already
> lost and there is no sense in trying to protect individual files.
I think you've forgotten about shared computers.
Most home computers and many work computers are shared computers.
The security files whose contents are sensitive are encrypted. Even if the
attacker can download them, he gets only encrypted data, and must manage
to decrypt the data to be able to use it. The encryption key is in the
owner's head.
Individual users still can have security for their private keys (and hence
for their encrypted emails) on shared systems, as long as they don't reveal
the password used to decrypt their private key database.
> In NS6, at least, I have worked very hard to keep an attacker from being
> able to access a user's files. The major mechanisms are these: 1) a
> website cannot load or link to a file on the user's drive,
That's good.
> and 2) the
> user's profile directory, which contains the cert db files, has a
> randomized, unguessable directory name in its path, so unless an
> attacker can list the contents of directories on the user's drive, they
> won't be able to find the cert db files or anything else in the Mozilla
> profile directory.
There's also a downside to that. Users won't be able to remember the path,
and instructions for users on how to solve problems with the contents of
those files will be more complicated.
> Local files are safe turf. Whether they can be "read easily" by an
> attacker is the wrong question - an attacker shouldn't even be able to
> get to these files or know where they are located.
Think shared computers.
> -Mitch
--
Nelson Bolyard http://nelson.bolyard.com/