geronimo-dev mailing list archives

From Edward Flick <directr...@yahoo.com>
Subject Re: AW: Security configuration
Date Tue, 01 Jun 2004 22:19:26 GMT
--- hbaxmann <holger@bitwind.org> wrote:
> > > > > is not particularly secure and I would prefer to have a more robust
> > > > > solution (say with encrypted passwords ;-) ) but it works for now.
> > > > >
> > > >
> > > > <sarcasm>
> > > > Why not via SRP ?
> > > > </sarcasm>
> > > >
> > > > sorry, could not resist
> > >
> > > Interesting, how would this fit into Geronimo to provide the
> > > general JAAS login mechanisms to obtain subjects?
> > >
> >
> > You are asking seriously?
> >
> > http://srp.stanford.edu/
> >
> > Then in all aspects. There are many LoginModules avail with SRP.
> >
> > But, unfortunately it is useless.
Strong words there.  Bite your tongue.

> > Because secure passwords do simply not exist:
> >
> > http://fiatlux.zeitform.info/en/instructions/passwords.html
> >
> > Theoretically and in an academic point of view, and only there: it provides
> > security to a secure token (the password) on the wire - but nowhere else.
Wrong, it hashes the password on the server side, but
granted given failed physical security a dictionary
attack could potentially get at it.  But this is true
for any authentication mechanism I know of.

> > Nobody, nobody will try to exploit your delivery of PASSWORDS on the wire.

Just from personal experience, I can tell you that
what you say is false.  You are assuming things
outside of your domain of knowledge, and then trying
to convince others of your viewpoint.  Stop it.  You
are causing harm.
If a potential hacker has access to your network, or
is an employee or something, running a packet sniffer
can be trivial.  If a tool is available to crack
passwords using certain protocols it becomes even more
trivial to hack your box.
Allowing security, such as challenge and response or
something similar, just because passwords are
inherently weak anyways is a very bad idea.  Either
seal up any holes you can, or just send out invites to
hack your new weakly authenticated server.
Also, although SRP is not a 3-party authentication
system, it can still be centrally managed and
distributed, with a little bit of common sense.  And
it does not suffer from the weaknesses (talking line
level again here) of the 3-party Kerberos.
Furthermore, using SRP doesn't just authenticate the
user, it:
* ensures you are connecting to the intended party
(authentication cannot succeed if trying to
authenticate against the wrong machine)
* prevents man-in-the-middle attacks
* prevents offline dictionary attacks
* provides a shared secret as a byproduct of
successful authentication which can be used to
symmetrically encrypt further communications.

> > You need five points to do not make the non-existing security of passwords
> > not more worth:
> >
> > Don't tell anyone your password.
> > Don't write your password down anywhere.
> > When you decide on a password, make sure it can't be guessed.
> > If you think there's even a chance someone else might know your password,
> > change it.
> > Make sure no one is standing near you when you enter your password
> > In the point of real security: passwords do not have a security aspect.
Every little bit helps, good tips but having secure
transmission of passwords is a very good idea too.
Your points are just policy.

> >
> > These points all depend exclusively on human interaction. The algorithm
> > has zero chance.
Why don't you try investigating SRP a little better.
Sure you can still do a dictionary attack over the
network, but it is orders of magnitude slower, and
there are methods of throttling auth attempts so that
it could be pretty much pointless to try.

> >
> > So the SRP implementations are a marketecture thingy, even worse because
> > they are a feint of security.
Given proper selection of user names and passwords,
SRP would be very nice to use, indeed.  It's just
another component of a properly secured system.  Oh
yeah, and JBoss apparently thinks SRP is a good idea
too, as they have an SRPLoginModule.
I just don't quite understand your reasoning behind
discouraging this.  Also, you can't exactly use your
articles as a point of reference as they just talk
about policy also.

Edward Flick
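The properties Edward lists (server stores no password, password never crosses the wire, shared key as a byproduct, wrong password simply fails) can be seen directly in a minimal SRP-6a exchange. The following is an added illustration, not code from this thread, from Geronimo or from the SRP project; it is Python rather than a JAAS LoginModule, simulates both ends in one process, and uses the 1024-bit group from RFC 5054 Appendix A (assumed transcribed correctly; check against the RFC before any real use).

```python
# Minimal SRP-6a exchange: the server holds only (salt, verifier), the
# password never leaves the client, both sides derive the same key, and a
# wrong password yields mismatched keys and a rejected proof.
import hashlib
import secrets

# 1024-bit safe-prime group from RFC 5054, Appendix A, generator 2
# (assumed transcribed correctly; verify against the RFC before real use).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
NLEN = (N.bit_length() + 7) // 8


def H(*parts):
    """SHA-256 over byte strings and fixed-width big-endian integers."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p if isinstance(p, bytes) else p.to_bytes(NLEN, "big"))
    return int.from_bytes(h.digest(), "big")


k = H(N, g)  # SRP-6a multiplier; blocks the two-guesses-per-run trick of SRP-3


def private_x(identity, password, salt):
    """Client-only: x = H(salt, H(I ":" P)); never sent or stored."""
    return H(salt, hashlib.sha256(f"{identity}:{password}".encode()).digest())


def register(identity, password):
    """Enrolment: client sends (salt, v = g^x) to the server, not the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(identity, password, salt), N)


def authenticate(identity, password, salt, v):
    """One login run. Returns (client key, server key, server accepted M1).
    Server side uses only salt, v, b; client side only identity, password, a."""
    a, b = secrets.randbelow(N), secrets.randbelow(N)
    A = pow(g, a, N)                          # client -> server: I, A
    B = (k * v + pow(g, b, N)) % N            # server -> client: salt, B
    if A % N == 0 or B % N == 0:
        raise ValueError("degenerate public value, abort")
    u = H(A, B)                               # both sides
    x = private_x(identity, password, salt)   # client only
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N), b, N)
    K_client, K_server = H(S_client), H(S_server)
    M1 = H(A, B, K_client)                    # client -> server: proof of K
    return K_client, K_server, M1 == H(A, B, K_server)
```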

