LinkedIn password database compromised

Leo Bicknell bicknell at ufp.org
Wed Jun 20 23:12:34 UTC 2012


In a message written on Thu, Jun 21, 2012 at 08:02:58AM +0900, Randy Bush wrote:
> what is the real difference between my holding the private half
> of an asymmetric key and my holding a good passphrase for some site?
> that the passphrase is symmetric?

The fact that it is symmetric leads to the problem.

The big drawback is that today you have to provide the secret to
the web site to verify it.  It doesn't matter if the secret is
transferred in the clear (e.g. http) or encrypted (e.g. https), they
have it in their RAM, or on their disk, and so on.  Today we _trust_
sites to get rid of that secret as fast as possible, by doing things
like storing a one way hash and then zeroing the memory.

But what we see time and time again is sites are lazy.  The secret
is stored in the clear.  The secret is hashed, but with a bad hash
and no salt.  Even if they are "good guys" and use SHA-256 with a nice
salt, if a hacker hacks into their server they can intercept the secret
during processing.

With a cryptographic solution the web site would say something like:

"Hi, it's 8:59PM, transaction ID 1234, cookie ABCD, I am foo.com, who are you."

Your computer would (unknown to you) use foo.com to figure out
that bicknell at foo.com (or superman at foo.com) was your login, do some
math, and sign a response with your private key that says:

"Hi, I'm bicknell at foo.com, I agree it's 8:59 PM, transaction 1234,
cookie ABCD."

Even if the attacker had fully compromised the server end they get
nothing.  There's no replay attack.  No shared secret they can use to log
into another web site.  Zero value.

> s/onto web sites/this web site/  let's not make cross-site tracking any
> easier than it is today.

Yep.  Don't get me wrong, there's an RFC or two here, a few pages of
code in web servers and browsers.  I am not asserting this is a trivial
change that could be made by one guy in a few minutes.  However, I am
suggesting this is an easy change that could be implemented in weeks not
months.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
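
The exchange described in the message above, as an added example that is not part of the original post or of any existing browser or server code: the site issues a one-time challenge, the client signs it, and the site verifies against a stored public key. Ed25519, the message layout, the two-minute window and the names Server, Challenge, Respond, Verify and Demo are assumptions made for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Server (illustrative type) holds public keys only, plus issue times of open challenges.
type Server struct {
	Site    string
	Keys    map[string]ed25519.PublicKey
	Pending map[string]time.Time
}

// Challenge names the site, the time, a transaction ID and a random one-time cookie.
func (s *Server) Challenge(tx string, now time.Time) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	c := fmt.Sprintf("site=%q time=%d tx=%q cookie=%x", s.Site, now.Unix(), tx, b)
	s.Pending[c] = now
	return c
}

// Respond is the client side: it signs login plus challenge; the private key stays local.
func Respond(priv ed25519.PrivateKey, login, challenge string) []byte {
	return ed25519.Sign(priv, []byte(fmt.Sprintf("%q %s", login, challenge)))
}

// Verify consumes the challenge on first use, so a captured response cannot be replayed.
func (s *Server) Verify(login, challenge string, sig []byte, now time.Time) bool {
	issued, ok := s.Pending[challenge]
	delete(s.Pending, challenge)
	pub, known := s.Keys[login]
	return ok && known && now.Sub(issued) <= 2*time.Minute &&
		ed25519.Verify(pub, []byte(fmt.Sprintf("%q %s", login, challenge)), sig)
}

// Demo (constructed values) logs in after delay, then replays the same signed response.
func Demo(delay time.Duration) (first, replay bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	login, now := "bicknell@foo.com", time.Now()
	foo := &Server{"foo.com", map[string]ed25519.PublicKey{login: pub}, map[string]time.Time{}}
	c := foo.Challenge("1234", now)
	sig := Respond(priv, login, c)
	return foo.Verify(login, c, sig, now.Add(delay)), foo.Verify(login, c, sig, now.Add(delay))
}
func main() { fmt.Println(Demo(0)) }
```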