- From: Steve Parker <sparker@well.com>
- Date: Mon, 14 Jun 1999 21:13:16 -0700
- To: 'Ben Laurie' <ben@algroup.co.uk>
- Cc: 'Alex Kodat' <ALEX@sirius.sirius-software.com>, hallam@ai.mit.edu, http-wg@hplb.hpl.hp.com
> From: Ben Laurie [mailto:ben@algroup.co.uk]
> Err? And who leaves their private key lying around unencrypted?

That's the question I would have asked myself until recently.
Doesn't help (well, just a slight delay) - see Shamir and van Someren's
paper "Playing hide and seek with stored keys", delivered to this year's
Financial Cryptography conference:

"We describe efficient algebraic attacks which can locate secret RSA keys
in long bit strings, and more general statistical attacks which can find
arbitrary cryptographic keys embedded in large programs. These techniques
can be used to apply lunchtime attacks on signature keys used by financial
institutes, or to defeat authenticode mechanisms in software packages."

Shamir is the S in RSA.

Useful tips on how to recover cryptographic keys from Windows NT can be
found at Peter Gutmann's pages:
http://www.cs.auckland.ac.nz/~pgut001/index.html

>
> > Also, how can I be sure that the "client" serving up the
> > certificate is the endpoint? A toolkit like WIDL would appear to
> > provide a screen scraping capability for http which effectively
> > creates a potential proxy, of which I, at the server end have
> > no knowledge. Even if I have a cryptographically secure tunnel,
> > and have a certificate, how do I know that someone hasn't added
> > their own plumbing to the client?
>
> Why do you care?

If I trust the certificate alone, then I am mistakenly trusting a
program, not an individual ... then I have delegated authentication
to that program.

> What were you planning to add to certs+crypto to make it more secure?

I don't have a perfect answer. I would at least add passwords. And not
use NT. Unfortunately, there is no plateau with security, and no
soundbyte solution.

> Cheers,
>
> Ben.
>

Regards,
Steve
Received on Monday, 14 June 1999 21:19:04 UTC