[147191] in cryptography@c2.net mail archive
[Cryptography] PRISM-Proofing and PRISM-Hardening
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Tue Sep 17 16:29:21 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 17 Sep 2013 14:43:35 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============4057089662417338493==
Content-Type: multipart/alternative; boundary=001a11c38ba2c29f4e04e698b2ba
--001a11c38ba2c29f4e04e698b2ba
Content-Type: text/plain; charset=ISO-8859-1
My phrase PRISM-Proofing seems to have created some interest in the press.
PRISM-Hardening might be more important, especially in the short term. The
objective of PRISM-hardening is not to prevent an attack absolutely, it is
to increase the work factor for the attacker attempting ubiquitous
surveillance.
Examples include:
Forward Secrecy: Increases work factor from one public key per host to one
public key per TLS session.
Smart Cookies: Using cookies as authentication secrets and passing them as
plaintext bearer tokens is stupid. It means that all an attacker needs to
do is to compromise TLS once and they have the authentication secret. The
HTTP Session-ID draft I proposed a while back reduces the window of
compromise to the first attack.
I am sure there are other ways to increase the work factor.
--
Website: http://hallambaker.com/
--001a11c38ba2c29f4e04e698b2ba
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">My phrase PRISM-Proofing seems to have created some intere=
st in the press.<div><br></div><div>PRISM-Hardening might be more important=
, especially in the short term. The objective of PRISM-hardening is not to =
prevent an attack absolutely, it is to increase the work factor for the att=
acker attempting ubiquitous surveillance.</div>
<div><br></div><div>Examples include:</div><div><br></div><div>Forward Secr=
ecy: Increases work factor from one public key per host to one public key p=
er TLS session.</div><div><br></div><div>Smart Cookies: Using cookies as au=
thentication secrets and passing them as plaintext bearer tokens is stupid.=
It means that all an attacker needs to do is to compromise TLS once and th=
ey have the authentication secret. The HTTP Session-ID draft I proposed a w=
hile back reduces the window of compromise to the first attack.</div>
<div><br></div><div><br></div><div>I am sure there are other ways to increa=
se the work factor.=A0</div><div><br></div><div><br clear=3D"all"><div><br>=
</div>-- <br>Website: <a href=3D"http://hallambaker.com/">http://hallambake=
r.com/</a><br>
</div></div>
--001a11c38ba2c29f4e04e698b2ba--
--===============4057089662417338493==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============4057089662417338493==--
