[Dundi] Looking Glass
Joe Abley
jabley at automagic.org
Sun Oct 31 10:05:37 CST 2004
On 31 Oct 2004, at 11:11, Mark Spencer wrote:
> Without requiring SSL to protect the md5 secret being transmitted, an
> observer on the wire could then snoop the md5 secret and use it to
> gain access to the system after the fact unless the number which was
> presented for authentication changed each time and the same number was
> not repeated within the cache time. Further, without SSL, whatever
> information is transmitted would then be visible to anyone on the
> wire.
Surely the data transmitted over the wire is an MD5 hash calculated
over the concatenation of a number with a shared secret. The result of
the MD5 hash is hence not secret, and there seems little point in
transmitting it over SSL.
Perhaps I am misunderstanding what you said in your previous message
about "rotating secret".
> Basically SSL provides an additional layer of security which is fairly
> simple to set up and seems pretty worth it :)
SSL implies a requirement for X.509 certificates; since (a) the process
of acquiring certificates from well-known trust anchors is very
insecure, and (b) people won't bother anyway and will self-sign
certificates, SSL will wind up being no defence against
man-in-the-middle extraction of the encrypted data anyway.
SSL is rarely worth much in practice, in my opinion :-)
Joe
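The exchange the two messages argue about, as an added example that is not DUNDi code and comes from neither author: a peer answers a number (challenge) with MD5 over that number concatenated with the shared secret, and the verifier either presents the same number every time or a fresh one-time number that it forgets after a cache window. `make_response`, `StaticChallengeVerifier`, `Verifier` and the constructed secrets are assumptions for illustration.

```python
import hashlib
import secrets
import time

# Constructed model of the exchange discussed in the thread, not DUNDi's
# wire format; class and function names are assumptions.
def make_response(challenge: str, secret: str) -> str:
    """Response as the thread describes it: MD5 over challenge + shared secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()

class StaticChallengeVerifier:
    """Weak variant: the same number is presented every time, so a response
    seen by a passive observer on the wire can be presented again later."""
    def __init__(self, secret: str, number: str):
        self._expected = make_response(number, secret)

    def check(self, response: str) -> bool:
        return secrets.compare_digest(self._expected, response)

class Verifier:
    """Fresh one-time challenges: each number is random, accepted once, and
    forgotten after cache_seconds, so an observed response is useless later."""
    def __init__(self, secret: str, cache_seconds: float = 60.0, now=time.time):
        self._secret = secret
        self._cache_seconds = cache_seconds
        self._now = now            # injectable clock so expiry can be tested
        self._outstanding = {}     # challenge -> time issued

    def issue_challenge(self) -> str:
        self._expire()
        challenge = secrets.token_hex(16)   # 128 random bits, never reused
        self._outstanding[challenge] = self._now()
        return challenge

    def check(self, challenge: str, response: str) -> bool:
        self._expire()
        # pop() consumes the challenge: a second presentation of the same
        # (challenge, response) pair, or an unissued/expired number, fails
        if self._outstanding.pop(challenge, None) is None:
            return False
        expected = make_response(challenge, self._secret)
        return secrets.compare_digest(expected, response)

    def _expire(self) -> None:
        now = self._now()
        stale = [c for c, t in self._outstanding.items()
                 if now - t > self._cache_seconds]
        for c in stale:
            del self._outstanding[c]
```

The hash on the wire reveals nothing about the secret by itself, which is Joe's point; whether it can be presented a second time depends entirely on whether the number changes and is not repeated within the cache time, which is Mark's.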