[3686] in cryptography@c2.net mail archive
RE: Is a serial cable as good as thin air?
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Wed Dec 2 15:48:10 1998
In-Reply-To: <199812020724.BAA00010@tecaprocorp.com>
Date: Wed, 2 Dec 1998 15:22:10 -0500
To: dianelos@tecapro.com, cryptography@c2.net
From: "Arnold G. Reinhold" <reinhold@world.std.com>
At 1:24 AM -0600 12/2/98, Dianelos Georgoudis wrote:
> Thank you all for the feedback; I will take your observations into
> account - replay attacks are accounted for and, for good measure,
> I will include a random delay to invalidate timing attacks. I see
> now that I should have been somehow more specific with my original
> question:
Having more information certainly helps, but I still feel a more fromal
analysis is required to assert security at either an absolute or relative
level. Potential weaknesses are always fair game, however! :) With that in
mind:
1. I am very concerned about the statement your data is encrypted "with the
individual clients' passwords." Typical user passwords and PIN numbers do
not have anyway near enough entropy to serve as encryption keys for
symetric ciphers, even if hashed with a standard algorithm such as SHA or
MD5. Such keys can be broken in a matter of seconds on a PC. If that is
what your application is doing, the data on your server should not be
considered encrypted and must be treated as fully open to the hackers.
2. Rebuilding the server periodically (maybe every night) would be good,
as would removing all source code and development tools. But for the
purpose of this kind of analysis, you must assume that a hacker can get
complete root-level control of your Internet server.
3. You need to consider how you will insure and verify the integrety of the
PC. If the PC is connected to the bank internal network and the hacker can
get his code into the PC, you are potentially vulnerable. Hackers are very
good at "social engineering." Who will clean the office where this PC is
located?
Hope this helps,
Arnold Reinhold
