> More importantly, some people have claimed that the entire password
> saving issue is a red herring since there is no way to protect a
> secret on the host.

I don't think I've said so, but I agree with those "some people".

> This criticism is worth thinking about more carefully. We suggest
> that Netscape "raise the bar" by using triple-DES and hiding key
> material for the cipher throughout the code. But can't you just
> apply some clever SoftICE to find the key? Of course you can! Doing
> so requires much more sophistication than simply cracking a "magic
> decoder ring" scrambler, however.

Yeah...but it doesn't need to be done but once. Once someone does it and the key is known, decrypting a crypted password is a total no-brainer. (Exploiting some of the subtler security holes requires a degree of sophistication, too - but once exploit code is written, *using* it is typically well within the reach of even the point-and-drool crowd.)

The only way this would be of any use is if a new random[%] key is generated for each install. Never having installed Netscape, I don't know whether their install procedure is such that this is feasible. But it does seem to me to be the only way to actually do anything of the sort - then the attacker needs to steal the relevant key material from wherever the install procedure stashed it (inside the executable, perhaps?) as well as stealing the file with the encrypted password.

[%] And it needs to be at least semi-decently random, too - a trivial massaging of something the attacker can trivially discover Just Won't Do.

der Mouse

mouseat_private
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
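The three key-handling options discussed in the reply above, as an added example that is not part of the original message: one key shipped in every copy, a key derived from a discoverable value, and a random key generated per install. The cipher is a stand-in built from HMAC-SHA256 (an assumption, since the Python standard library has no triple-DES), and every name and sample value is constructed.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    # Derive separate encryption and MAC subkeys from one stored key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Stand-in keystream (assumption): HMAC-SHA256 in counter mode.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong key (or modified file)
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

# Constructed constant standing in for a key hidden in every copy of the binary.
SHIPPED_KEY = hashlib.sha256(b"constant baked into every copy").digest()

def new_install(user, password):
    """Simulate one installation storing a password under each key scheme."""
    keyfile = secrets.token_bytes(32)               # per-install random key material
    weak = hashlib.sha256(user.encode()).digest()   # "massaged" from a discoverable value
    return {"user": user, "keyfile": keyfile,
            "shipped": seal(SHIPPED_KEY, password),
            "derived": seal(weak, password),
            "random": seal(keyfile, password)}

def exposure(victim, other_install, keyfile_also_stolen=False):
    """Which stored passwords are exposed once the password file alone leaks."""
    keys = {"shipped": SHIPPED_KEY,  # learned once from any copy, valid everywhere
            "derived": hashlib.sha256(victim["user"].encode()).digest(),
            "random": victim["keyfile"] if keyfile_also_stolen
                      else other_install["keyfile"]}
    return {scheme: unseal(key, victim[scheme]) for scheme, key in keys.items()}
```

Only the per-install random key leaves the leaked file unreadable, and only until the key material from that same install is taken as well, which is the two-theft requirement the reply describes.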