Thus spake Moritz Bartl (moritz@xxxxxxxxxxxxxx):

> On 11.10.2011 04:07, Mike Perry wrote:
> >> At the moment, I cannot think of any attack vectors once you combine it
> >> with enabled Torbutton (or a stripped down Tor Browser) where active
> >> scripting/access to the DOM is disabled completely.
> > Actually, these attacks are generally prohibited by strong isolation
> > between the content script and the XUL script. In XUL, you can read
> > the ciphertext, extract it, decrypt it, and display it in a protected
> > XUL window without introducing risk, IF all steps are done properly.
>
> I was thinking of the obvious interaction a user expects for encryption
> of plaintext data: I type data into a web form, when I am done I execute
> the encrypt command.
> I don't see how you can isolate web forms in the DOM in a way that it
> cannot be read in between typing and encrypting the data.

Yes, good to clarify. I was assuming that all encryption and decryption
UI would be 100% independent of the normal content window, aside from
perhaps a context menu (though even that is prone to deception issues
and clickjacking).

The UI should not provide a way to encrypt text that has already been
typed into a form. Even non-malicious JS can screw you for that user
model. For example, Gmail will save plaintext drafts of your email
periodically "just in case", which will defeat the purpose of the addon
entirely.

The UI should open an alternate XUL window for user input using a
context menu or toolbar button, and should instruct users not to type
sensitive plaintext into existing form boxes prior to use of the XUL
window.

Lots of tough UI issues to solve on the encryption side, it seems.
Perhaps almost as tricky as safely handling the potential hostile input
and safely displaying the output for the decryption side.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk