[146314] in cryptography@c2.net mail archive
Re: [Cryptography] Snowden "fabricated digital keys" to get access
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Jul 4 14:31:10 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <201306282300.r5SN06HA028879@new.toad.com>
Date: Sat, 29 Jun 2013 17:19:45 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: John Gilmore <gnu@toad.com>
Cc: cryptography@metzdowd.com
I think that fabricating a key here is more likely to mean fabricating an
authentication 'key' rather than an encryption key. Alexander is talking to
Congress and is deliberately being less than precise.
So I would think in terms of application level vulnerabilities in Web based
document servers.
One of the things that I have thought weak in our current approach to use
of crypto is the way that we divide up access control into authentication
and authorization. So basically if Bradley had a possible need to see a
file then he has an authorization letting him see it. Using access control
alone encourages permissions to be given out promiscuously.
The Snowden situation sounds like something slightly different. Alexander
says he was not authorized but he was able to get access. The common way
that happens on the Web is that Alice has account number 1234 and
authenticates herself to the server and gets back a URI ending something
like ?acct=1234&.... To get access to Bob's account she simply changes that
to ?acct=1235&...
It should not work, but it works very often in the real world. Having
worked with contractors I have seen people hired out as 'programmers' at
$1500 per day whose only coding experience was hacking Delphi databases. No
C, C++, Java or C#. Not even a scripting language.
So it would not shock me to find out that their document security comes
undone in the same way that it does in commercial systems.
Heads should be rolling on this one. But they won't.
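The ?acct=1234 -> ?acct=1235 pattern described above, as an added example that is not part of the original post: a request handler that authenticates the caller and then trusts the client-supplied account number, next to one that ties authorization to the authenticated identity. The accounts, session tokens, URL shape and function names are constructed for illustration.

```python
"""Added example (not from the original post): the ?acct=1234 -> ?acct=1235
pattern shown as a vulnerable request handler next to a hardened one.
All accounts, sessions and URLs below are constructed sample data."""
from urllib.parse import urlparse, parse_qs

# Constructed sample data: two accounts, two authenticated sessions.
ACCOUNTS = {
    "1234": {"owner": "alice", "balance": 100},
    "1235": {"owner": "bob", "balance": 250},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


class Forbidden(Exception):
    """Raised when a request is denied; the message is intentionally generic."""


def authenticate(session_token):
    """Authentication: map a session token to a user, or refuse."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise Forbidden("not authenticated")
    return user


def account_from_url(url):
    """Pull the acct parameter out of a URL such as /account?acct=1234&view=full."""
    params = parse_qs(urlparse(url).query)
    return params.get("acct", [None])[0]


def vulnerable_view(session_token, url):
    """The broken pattern: the server authenticates the caller and then
    trusts the client-supplied account number without checking ownership."""
    authenticate(session_token)
    acct = account_from_url(url)
    return ACCOUNTS[acct]


def hardened_view(session_token, url):
    """Authorization is tied to the authenticated identity, not the URL.
    Unknown and foreign accounts get the same answer, so the parameter
    cannot be used to enumerate which account numbers exist."""
    user = authenticate(session_token)
    acct = account_from_url(url)
    record = ACCOUNTS.get(acct)
    if record is None or record["owner"] != user:
        raise Forbidden("access denied")
    return record


def attempt(view, session_token, url):
    """Run a view and report the outcome as a tuple so the two handlers
    can be compared without exception handling at the call site."""
    try:
        return ("ok", view(session_token, url))
    except Forbidden as exc:
        return ("forbidden", str(exc))
    except KeyError:
        return ("error", "no such account")


if __name__ == "__main__":
    alice_own = "/account?acct=1234&view=full"
    bob_tampered = "/account?acct=1235&view=full"
    for name, view in (("vulnerable", vulnerable_view), ("hardened", hardened_view)):
        print(name, "alice->1234:", attempt(view, "tok-alice", alice_own))
        print(name, "alice->1235:", attempt(view, "tok-alice", bob_tampered))
```

Running the block shows the vulnerable handler happily returning Bob's record to Alice's session, while the hardened one refuses. The hardened handler deliberately gives the same "access denied" for a non-existent account and for someone else's account; a different error for each would turn the acct parameter into an enumeration oracle even after the ownership check is in place.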
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography