Re: Spoofing as the postmaster - Mailing list pgsql-hackers
| From | Mark Mielke |
|---|---|
| Subject | Re: Spoofing as the postmaster |
| Date | |
| Msg-id | 47757630.1010401@mark.mielke.cc Whole thread Raw |
| In response to | Re: Spoofing as the postmaster (Andrew Sullivan <ajs@crankycanuck.ca>) |
| Responses |
Re: Spoofing as the postmaster
(Magnus Hagander <magnus@hagander.net>)
|
| List | pgsql-hackers |
Andrew Sullivan wrote: <blockquote cite="mid:20071228215734.GA26152@crankycanuck.ca" type="cite"><pre wrap="">On Fri, Dec28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote: </pre><blockquote type="cite"><pre wrap="">I don't follow. What arebanks doing on the web now to force clients to authenticate them, and how is it any different from the model of training users to check the SSL certificate? </pre></blockquote><pre wrap=""> Some banks (mostly Swiss and German, from what I've seen) are requiring two-token authentication, and that second "token" is really the way that the client authenticates the server: when you "install" your banking application, you're really installing the keys you need to authenticate the server and for the server to authenticate you. </pre></blockquote> I have done this for my own application before. Althoughthe client and server use standard TLS 1.0 to speak to each other with a required authentication of RSA 1024-bitand a required encryption of AES 128-bit, it still requires that passwords sent from the client to the server areRSA encrypted using the server public certificate, making it impossible for anybody except for the legitimate server tosee the password. One benefit of this is that the password itself can be '\0'd out as soon as we have RSA encrypted it,and things like a core dump of the client have a lower chance of including the password in plain text.<br /><br /> Inmy case, the reason I did it is because I was trying to navigate around the US export control regulations that preventgreater than 1024 bit assymetric or 128 bit symmetric from leaving the US. I was able to use the standard Java SSLand crypto libraries to achieve greater than 128 bit symmetric encryption by combining the two.<br /><br /> Now, my implementationisn't perfect with regard to Andrew's comments, as I encrypt using the server's public certificate after authenticatingit. Technically, however, I could actually have two server certificates - one to use for authentication, andone to use for encryption. I believe this is becoming common in some circles, and you will find that gpg uses DSA keysfor authentication, and signs the RSA keys used for encryption with the DSA key. The DSA key can be more bits, or havea longer life time.<br /><br /> At what point does prudence become paranoia? I don't know. In my case, I felt 128-bitencryption was insufficient for protecting the passwords in my application. 256-bit encryption would have been sufficient,but that cannot yet be safely exported from the US to the countries I required.<br /><br /> Cheers,<br /> mark<br/><br /><pre class="moz-signature" cols="72">-- Mark Mielke <a class="moz-txt-link-rfc2396E" href="mailto:mark@mielke.cc"><mark@mielke.cc></a> </pre>
pgsql-hackers by date: