[messaging] PKI is dead

Tony Arcieri bascule at gmail.com
Fri Jan 23 15:01:02 PST 2015


On Fri, Jan 23, 2015 at 1:57 AM, U.Mutlu <for-gmane at mutluit.com> wrote:

> Back to the roots: hashed pw over MITM-safe sessions (SRP, SPEKE etc, i.e.
> PAKE).


These aren't MITM safe. They're TOFU. They have no way to authenticate the
server.

When you enroll a PAKE account, if you're talking to a MITM server, you're
toast. The MITM can then enroll with the real service on your behalf and
transparently proxy everything through, except the MITM will have the real
credentials, and your credentials will only work with the MITM.

Also: passwords suck and need to go away.

-- 
Tony Arcieri
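
The enrollment problem described in the message above, modelled as an added example that is not part of the original email: a toy SRP-6a exchange showing that a successful PAKE login only proves the peer holds the verifier created at enrollment. The group parameters, the `Service` class, the account name and both passwords are constructed for illustration.

```python
import hashlib, secrets

# Toy SRP-6a group, constructed for this demo: 2**127 - 1 is prime but far too
# small for real use. Real SRP also exchanges key-confirmation proofs.
N, g = 2**127 - 1, 3

def H(*parts):
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)

def make_verifier(user, password):
    """What a client sends at enrollment: a salt and v = g^x, never the password."""
    salt = secrets.randbits(64)
    return salt, pow(g, H(salt, user, password), N)

class Service:
    """Any party that holds verifiers, honest or not (hypothetical class)."""
    def __init__(self):
        self.db = {}
    def enroll(self, user, salt, v):
        self.db[user] = (salt, v)
    def challenge(self, user, A):
        salt, v = self.db[user]
        b = secrets.randbits(128)
        B = (k * v + pow(g, b, N)) % N
        self.key = H(pow(A * pow(v, H(A, B), N), b, N))
        return salt, B

def login(service, user, password):
    """Client side of SRP-6a; True when both ends derive the same session key."""
    a = secrets.randbits(128)
    A = pow(g, a, N)
    salt, B = service.challenge(user, A)
    x = H(salt, user, password)
    S = pow((B - k * pow(g, x, N)) % N, a + H(A, B) * x, N)
    return H(S) == service.key

def enrollment_relay_demo():
    real, relay = Service(), Service()
    # Alice enrolled over a channel that did not authenticate the server,
    # so her verifier was stored by the relay, not by the real service.
    relay.enroll("alice", *make_verifier("alice", "alice-pw"))
    # The relay enrolled upstream under the same name with its own secret.
    real.enroll("alice", *make_verifier("alice", "relay-pw"))
    return (login(relay, "alice", "alice-pw"),   # mutual auth succeeds, with the relay
            login(real, "alice", "alice-pw"),    # Alice's password is unknown upstream
            login(real, "alice", "relay-pw"))    # only the relay can reach the account
```

The protocol run is cryptographically sound in all three cases; what is missing is any binding between the verifier holder and the intended service, which has to come from an authenticated channel at enrollment.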