[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: My ExcludeNodes list...post yours

On Fri, Aug 18, 2006 at 09:26:48AM -0400, Michael Holstein wrote:
> > Depending on what constitutes authentication (and encryption).  If the
> > encryption adds integrity to the authentication (if not there already)
> > and prevents an eavesdropper from being able to trivially learn what
> > is needed to masquerade as you, then it has value against adversaries
> > not sophisticated enough or motivated enough for stream
> > hijacking. Good enough for many purposes. But in principle and
> > for more sensitive usage your point is well taken, thus worth raising.
> You need not stream-hijack .. you can cookie-jack (like in Yahoo's case
> .. would give you 24hr access) .. then you look through old mail to see
> who else somebody does business with, request password-resets be emailed
> to you, and viola! You're in.
> If you use TOR 24x7, I'd suggest judicious use of FoxyProxy's rules to
> ensure traffic that you'd rather be secure than anonymous just use your
> own ISP (why pass a message through 3 strangers when you don't have any
> desire to deny you sent it?).

Absolutely agree on all points. Of course in what you've described the
cookies are part of the authentication mechanism, or you couldn't do
the attack you mentioned. So cookies should be encrypted as well to
really follow my point. But this shows that appearing to protect
authentication and actually protecting it are two different
things. I'm guessing there's violent agreement there between you, me,
and M. I was mostly reacting to the statement that "[e]ncrypting
authentication has _no point_ if rest of the communication is
unencrypted" (my emphasis). I was, however, being a bit persnickity,
probably a vestige of my early years designing modal logics to analyze
authentication protocols.

Paul Syverson                              ()  ascii ribbon campaign
Contact info at http://www.syverson.org/   /\  against html e-mail