Re: entropicdata.com ?

[Nate Lawson <nate () root org>]

Dave Aitel wrote:
> Sure so one perspective is that anything cryptographic has to get done
> on the server. Which seems perfectly valid, but in some cases people
> don't want to do it that way.
>
> Maybe they want to sign something, without having to upload it to the
> server, say. Or maybe they just don't want to burden the server with
> tons of crypto. There's lots of good reasons to do crypto without
> reinventing SSL.

Could you finish your example? They are signing something, which is
verified by ... ?

Any scenario I come up with to complete your example has problems. Where
does the private key come from to sign it? How did the web browser get
this key and code. Where does the recipient of this data get the cert to
validate the signature?

> And, of course, the cross domain stuff coming out makes this more
> likely, I assume.

I'm interested in your proposal here. How would Javascript signatures help?

-Nate

> > Hold on here. You're running Javascript RSA in your browser. Where did
> > that Javascript come from? Right, you have to load it over SSL to be
> > sure the Javascript is unmodified. But if you're already using SSL, any
> > crypto you implement browser-side can only be less reviewed and more
> > likely to explode, in addition to requiring SSL anyway.
> >
> > Loading your random data over HTTP is a bad idea too. DSA reveals your
> > private key to an attacker if even a few bits of the random nonce are
> > predictable:
> > http://rdist.root.org/2009/05/17/the-debian-pgp-disaster-that-almost-was/
> > http://rdist.root.org/2009/05/20/amazon-web-services-signature-vulnerability/
> >
> > Please stop Web 2.0 from reimplementing crypto, badly. Help computer!
> >
> > --
> > Nate
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave