Dailydave mailing list archives

Re: entropicdata.com ?


From: Nate Lawson <nate () root org>
Date: Fri, 22 May 2009 14:17:26 -0700

Dave Aitel wrote:
Lots of people are doing things in web services (AJAX, etc) that require
real crypto. So they implement RSA/twofish/etc in JavaScript and run
that in the browser. But this requires a way to generate a key which
requires some entropy. There's no "feed of random numbers" that I know
of on the web that you can use to seed your crypto, probably because of
cross-site restrictions. But it seems like either google gears, HTML5,
or one of the other new extensions should offer it as a built-in API.

Likewise if they allowed you to get data from other sites (which the new
Firefox does sometimes?) then you could set up a web service for people
to use to get their entropic data from (over SSL of course :>).

What else are people using for this? It seems to be a bit of a theme
here at SyScan (re: David Thiel's RIA presentation). Is there an API in
Silverlight/Flash/etc that lets you get entropy and then give it back to
the browser context?

Hold on here. You're running JavaScript RSA in your browser. Where did
that JavaScript come from? Right, you have to load it over SSL to be
sure the JavaScript is unmodified. But if you're already using SSL, any
crypto you implement browser-side can only be less reviewed and more
likely to explode, in addition to requiring SSL anyway.

Loading your random data over HTTP is a bad idea too. DSA reveals your
private key to an attacker if even a few bits of the random nonce are
predictable:
http://rdist.root.org/2009/05/17/the-debian-pgp-disaster-that-almost-was/
http://rdist.root.org/2009/05/20/amazon-web-services-signature-vulnerability/

Please stop Web 2.0 from reimplementing crypto, badly. Help computer!

-- 
Nate
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
