From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.general
Subject: Re: netrc.el now supports encoded files
Date: Tue, 06 Jan 2004 23:00:17 +0100

"Steven E. Harris" writes:

> Simon Josefsson writes:
>
>> I'm not sure the current netrc.el approach should be advertised as
>> secure, there is more to file encryption than using some block
>> cipher in CBC mode, and deriving the key and iv from a password. It
>> is more like obfuscation. OTOH, obfuscation is what people seem to
>> want.
>
> Now I'm confused. If encrypting the file with a symmetric cipher
> doesn't count as "secure," what more would it take to make this system
> secure? What's the difference between obfuscation and security in this
> case?

I think one attack the current approach doesn't cover for is a
chosen-ciphertext attack. In other words, the encrypted data is not
integrity protected. So the attacker can replace, e.g., the final
encrypted block without being detected. Incidentally, in the authinfo
format, the password is often the last data, so the corruption caused
in CBC mode by replacing a block doesn't have to occur. To finish the
attack, the decrypted (garbage) password has to be leaked somehow, but
this isn't completely unlikely.

Another attack is cut'n'paste of cipher blocks. Consider if the user
has two accounts, with an 8 character password (i.e., one block
length), one on a secure server (i.e., SSL) and one insecure (i.e.,
cleartext LOGIN), and the insecure one is listed first in the
.authinfo file -- the attacker can replace the last block with the one
read for the first server, thus causing the user to send the password
for the secure server to the insecure server. When Gnus is about to
contact the secure server, it will only read garbage in the file
(because CBC mode propagates errors), but then it may be too late.

I believe gnupg uses integrity protection, which counters these problems.