Re: Netscape password scrambling

From: der Mouse (mouseat_private)
Date: Mon Dec 20 1999 - 09:13:17 PST

    > More importantly, some people have claimed that the entire password
    > saving issue is a red herring since there is no way to protect a
    > secret on the host.
    
    I don't think I've said so, but I agree with those "some people".
    
    > This criticism is worth thinking about more carefully.  We suggest
    > that Netscape "raise the bar" by using triple-DES and hiding key
    > material for the cipher throughout the code.  But can't you just
    > apply some clever SoftICE to find the key?  Of course you can!  Doing
    > so requires much more sophistication than simply cracking a "magic
    > decoder ring" scrambler, however.
    
    Yeah...but it doesn't need to be done but once.  Once someone does it
    and the key is known, decrypting a crypted password is a total
    no-brainer.  (Exploiting some of the subtler security holes requires a
    degree of sophistication, too - but once exploit code is written,
    *using* it is typically well within the reach of even the
    point-and-drool crowd.)
    
    The only way this would be of any use is if a new random[%] key is
    generated for each install.  Never having installed Netscape, I don't
    know whether their install procedure is such that this is feasible.
    But it does seem to me to be the only way to actually do anything of
    the sort - then the attacker needs to steal the relevant key material
    from wherever the install procedure stashed it (inside the executable,
    perhaps?) as well as stealing the file with the encrypted password.
    
    [%] And it needs to be at least semi-decently random, too - a trivial
        massaging of something the attacker can trivially discover Just
        Won't Do.
    
    					der Mouse
    
    			       mouseat_private
    		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
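
An added illustration, not part of der Mouse's message or of Netscape's code, of the per-install key point and its footnote: a password file sealed under a shipped constant or a hostname-derived key opens without any second theft, while one sealed under a random per-install key does not. The function names, the hostname derivation and the HMAC-SHA256 stand-in cipher (used in place of triple-DES, which the Python standard library lacks) are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

SHIPPED_KEY = bytes(range(32))  # constructed: one key compiled into every copy


def key_from_hostname(hostname):
    # The footnote's "trivial massaging" of a value anyone can look up.
    return hashlib.sha256(b"prefs:" + hostname.encode()).digest()


def new_install_key():
    # Per-install key from the OS CSPRNG, to be stored apart from the password file.
    return secrets.token_bytes(32)


def keystream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode), not triple-DES.
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def mac(key, nonce, ct):
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()


def seal(key, password):
    nonce, data = secrets.token_bytes(16), password.encode()
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + mac(key, nonce, ct) + ct


def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(key, nonce, ct)):
        return None  # wrong key, or the file was altered
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))).decode()


def recoverable_from_public_info(blob, hostname):
    # Audit check: can the password file alone be opened with keys that need
    # no second theft (the shipped constant, or one derived from the hostname)?
    for key in (SHIPPED_KEY, key_from_hostname(hostname)):
        password = unseal(key, blob)
        if password is not None:
            return password
    return None
```

Only the per-install key forces the second theft the message describes, and as the message opens by agreeing, that key still sits on the same host as the file it protects.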
    


