Open
Bug 233836
Opened 21 years ago
Updated 2 years ago
implement DH-EKE based secure password based authenticated key exchange
Categories
(NSS :: Libraries, enhancement, P4)
Tracking
(Not tracked)
NEW
People
(Reporter: hauser, Unassigned)
Details
User-Agent:
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040207
Bug 122445 has endless discussions on how to reduce the effect of the possibility to
spoof a login screen. Whatever is discussed there appears to mainly fight the
symptoms and not the root cause.
Therefore, I suggest to amend Mozilla (or should this rather be posted to
firefox?) with a real solution of the problem as per:
"Secure Password-Based Cipher Suite for TLS", M. Steiner et al., TISSEC, 2001,
vol 4, #2, pp134-157, May, 2000
abstract = {SSL is the de-facto standard today for securing
end-to-end transport on the Internet. While the
protocol itself seems rather secure, there are a
number of risks that lurk in its use, e.g., in web
banking. However, the adoption of password-based
key-exchange protocols can overcome some of these
problems. We propose the integration of such a
protocol (DH-EKE) in the TLS protocol, the
standardization of SSL by IETF. The resulting
protocol provides secure mutual authentication and
key establishment over an insecure channel. It does
not have to resort to a PKI or keys and certificates
stored on the user's computer. Additionally, its
integration in TLS is as minimal and non-intrusive
as possible.}
A good illustration is http://www.semper.org/sirene/publ/SBEW_01EKETLS.pdf
---------
Alternative approaches: Charlie Kaufman and Radia Perlman: "PDM - A New Strong
Password-Based Protocol", or Victor Boyko et al. "Provably Secure
Password-Authenticated Key Exchange Using Diffie-Hellman"
(http://eprint.iacr.org/2000/044.pdf), or other discussions at
http://grouper.ieee.org/groups/1363
Reproducible: Always
Comment 1•21 years ago
-> psm, I believe
Assignee: security-bugs → kaie
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bmartin
Version: Trunk → 1.01
Updated•21 years ago
Version: 1.01 → unspecified
Updated•21 years ago
Assignee: kaie → wchang0222
QA Contact: bmartin → bishakhabanerjee
Updated•21 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•21 years ago
If this affects TLS/SSL, then it will surely also affect PSM. There will be
UI issues for getting the user's password.
Rolf, two questions:
1. Is there any TLS/SSL server product against which a new client implementation
could be tested?
2. What about implementing this for HTTP authentication?
Is there an RFC or ID for that?
Seems to me a lot more people would benefit from having EKE in that than in TLS.
Reporter
Comment 4•21 years ago
Just checked with Steiner (he's now at IBM Watson): Unfortunately, there doesn't
appear to be further work on this in that company right now.
The Bell-Lab PAK (see ref below) appears to be another viable option and has an
open source implementation. There may, however, be intellectual property rights
issues from a standards perspective ...
SRP from Wu's might be another alternative.
Best is probably to check with the authors whether they would be interested in
reactivating that - or try to motivate another institution with less corporate
constraints (e.g. http://zisc.ethz.ch/).
----
Victor Boyko and Philip MacKenzie and Sarvar Patel: Provably Secure
Password-Authenticated Key Exchange Using Diffie-Hellman
CryptEAr, Report 2000/044, Sept., http://eprint.iacr.org/2000/044.ps.gz
Comment: PAK (proven with random oracles and DDH assumption).
Bell Labs/Lucent also offers free-for-non-commercial software of
PAK integrated in ftp / telnet based on the SRP implementation:
http://cm.bell-labs.com/who/philmac/pak.html
Reporter
Comment 5•20 years ago
see Bug 268835 for an idea how to make this even more phisher-proof
Updated•20 years ago
QA Contact: bishakhabanerjee → jason.m.reid
Updated•19 years ago
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Updated•18 years ago
Priority: -- → P4
Updated•2 years ago
Severity: normal → S3