canmove, Confirmed users
725
edits
Services/KeyExchange: Difference between revisions
Jump to navigation
Jump to search
→Meeting Notes
| Line 379: | Line 379: | ||
== Meeting Notes == | == Meeting Notes == | ||
* Connections to the PAKE server should be over SSL | # Easy setup (substantially easier than now) is a blocker for Fennec 4 since Sync will be marketed as /the/ feature for Firefox Mobile. We need a solution for Firefox + Fennec 4. | ||
# J-PAKE algorithm as proposed here allows exchange by only requiring typing of relatively short PIN on device that's already set up (though a trivial change could allow the typing to always be on the desktop machine, no matter whether it's the receiving or sending end). | |||
# Did we look at alternatives to J-PAKE? | |||
** QR codes: necessary platform work not possible on all platforms in the given time frame | |||
** Bonjour/Zeroconf: same as above | |||
# Concerns | |||
** Confidence in J-PAKE: paper submitted to journal for official publication only recently, no peer review yet. | |||
** Shorter PIN good for UX, but increases possibility of channel hijacking. | |||
# Proposals to prevent simple attacks | |||
** Connections to the PAKE server should be over SSL, eliminates man-in-the-middle attacks. | |||
** Channel exhaustion from DoS: need effective IP blocker | |||
** Only allow client that requests channel + the next client that connects to it to use the channel (limits eavesdropping/manipulation attacks) | |||
** Only allow a limited number of attempts to use transfer via J-PAKE, fall back to traditional account setup. | |||
# Potential attacks (after above measures) | |||
** Compromised server does an online attack | |||
** Hijack channel before user enters the PIN. Need to guess whole PIN (channel + secret) to do harm. | |||
# Alternative suggestions | |||
** Various word or sentenced based methods, all of which are pretty much impossible to localize. | |||
** Have the mobile display a ~20 a-z character key (~100 bits of entropy) which user enters on the desktop. This 20 char key is used to make a 128 bit AES key, the hash of the key is the channel ID on the server. Mobile encrypts data, uploads to channel, desktop downloads and decrypts. UX is worse (but still better because you enter ~20 chars on desktop rather than email + password + Sync Key on mobile), security is better. | |||