Re: Spoofing as the postmaster

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Cc: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-28 22:30:08
Message-ID: 477578F0.2010303@hagander.net
Lists: pgsql-hackers

Mark Mielke wrote:
> Andrew Sullivan wrote:
>> On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote:
>>
>>> I don't follow. What are banks doing on the web now to force clients
>>> to authenticate them, and how is it any different from the model of
>>> training users to check the SSL certificate?
>>>
>>
>> Some banks (mostly Swiss and German, from what I've seen) are requiring
>> two-token authentication, and that second "token" is really the way that the
>> client authenticates the server: when you "install" your banking
>> application, you're really installing the keys you need to authenticate the
>> server and for the server to authenticate you.
>>
> I have done this for my own application before. Although the client and
> server use standard TLS 1.0 to speak to each other with a required
> authentication of RSA 1024-bit and a required encryption of AES 128-bit,
> it still requires that passwords sent from the client to the server are
> RSA encrypted using the server public certificate, making it impossible
> for anybody except for the legitimate server to see the password. One
> benefit of this is that the password itself can be '\0'd out as soon as
> we have RSA encrypted it, and things like a core dump of the client have
> a lower chance of including the password in plain text.

Why are you even using a password in this case, and not just key-based
auth? Wouldn't that be even easier and more secure?

> At what point does prudence become paranoia? I don't know. In my case, I
> felt 128-bit encryption was insufficient for protecting the passwords in
> my application. 256-bit encryption would have been sufficient, but that
> cannot yet be safely exported from the US to the countries I required.

How do you protect the certificate store on the client? Or the binary
that ends up prompting for the password on the client?

//Magnus
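The scheme Mark describes above (the client authenticates the server by a key it was installed with, encrypts the password to that key so only the legitimate server can read it, then zeroes the plaintext), as an added Go example that is not code from this thread or from PostgreSQL; it uses RSA-OAEP with a constructed 2048-bit demo key, and the names pinFor, SealPassword and OpenPassword are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

var label = []byte("client-password") // OAEP label; both sides must agree

// pinFor returns the SHA-256 fingerprint of a DER-encoded public key. The client
// ships with the legitimate server's value and trusts only a key that matches it.
func pinFor(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // only errors for unsupported key types
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// SealPassword refuses any key that does not match the pin, encrypts the password
// with RSA-OAEP so only the matching private key can recover it, and zeroes the
// plaintext buffer either way so a later core dump is less likely to contain it.
func SealPassword(password []byte, offered *rsa.PublicKey, pin string) ([]byte, error) {
	defer func() {
		for i := range password {
			password[i] = 0
		}
	}()
	if got := pinFor(offered); got != pin {
		return nil, fmt.Errorf("offered key %s... does not match pinned server key", got[:16])
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, offered, password, label)
}

// OpenPassword is the server side: only the private-key holder gets the password.
func OpenPassword(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, label)
}

func main() {
	server, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo server key
	pin := pinFor(&server.PublicKey)                // what the installer would ship
	pw := []byte("hunter2")                         // constructed sample password
	ct, err := SealPassword(pw, &server.PublicKey, pin)
	got, _ := OpenPassword(server, ct)
	fmt.Printf("err=%v plaintext-after-seal=%q recovered=%q\n", err, pw, got)
}
```

Magnus's question still applies: the pin is only as trustworthy as the client binary and key store that carry it.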
