| I think that I disagree, but I am not experienced enough to know what I don't know. Judging from your response, you know way more than me, so if it's okay with you, I will tell you why I disagree. Then, it would make my day (and help me a tremendous amount) if you would tell me why I am wrong. a) The chicken and egg problem of delivering javascript: I am far from being good at this stuff, but I am confident that, given the opportunity if you deliver .js (or anything else) over an insecure connection, I can modify the content before it ever reaches the user. As you and the article state, you could solve this problem by delivering the .js file with SSL/TLS. But, if you do this, I presume that you would need to encrypt every single resource on the page. And, if you have already gone that far, what would you gain by implementing browser based crypto when you have already solved the problem? It strikes me that SSL/TLS are old enough to be well tested and researched, whereas if I wake up some morning and decide to implement my own crypto, I'm going to f* something up. I'd rather let smarter people do the heavy lifting. But, I don't know what I don't know. What don't I know? Furthermore, we're all harping on javascript when you can't download PuTTY over an SSL connection. Please correct me if I am wrong, but if you can download PuTTY via an insecure connection, an attacker can just as trivially swap out the real version of PuTTY with a compromised version. That sounds really dangerous, but isn't that why the PuTTY developers add RSA/DSA signatures to their downloads page? I would argue that if someone is smart enough to find a collision in both RSA and DSA, they can likely find easier ways to attack me than to swap out the real version of PuTTY with a compromised version. What am I missing? disregard this question because I missed something very important - see my edit below He talks about browser cache but says that javascript can't control it. That doesn't mean it can't be controlled (see MANIFEST file). Thank you for this - I need to do some more reading. Though, wouldn't you get into the same problem where, unless you can control every single resource on the page (ie - serve it encrypted and make sure there are no XSS vulnerabilities) you can't guarantee that the browser is using the correct code? Then, doesn't that get back to the chicken and egg problem where if you're already implementing encryption, you don't need crypto in the browser? -- Some of the ideas on that page (ie - the inability to generate strong random numbers) are kind of outdated. I believe that Opera uses a cryptographically secure Math.Random(). And, I think that there is an API to accomplish this in other browsers. window.crypto.GetRandom or something? However, I still see all kinds of traffic with old versions of Internet Explorer (sorry to pick on IE). Wouldn't solving the crypto in a browser problem reliably require making everyone update to a modern browser? I hope that I'm not coming across as being difficult, but I would love to learn and would appreciate any help you would provide. Edited -- jimktrains2 wrote: But those sigs are also coming over a non-ssl connection:-p There goes my entire RSA/DSA argument! What a great thread... |
This is indeed the point made by Matasano, but I don't think it's valid. Sometimes you want to segment the trust, or maybe your software provider doesn't even want to be in the data storage game. So I might trust one entity to provide me with software to manage my inbox, particularly if I can inspect that software at will, and have seen it pass through a security review, however I might not want to trust them with actually storing the contents of my inbox. In that case, it's nice to be able to encrypt the inbox (and the index, to allow for nice searching) in my browser, and then actually store them on a commodity storage provider (s3 or dropbox). And yes, I'd use modern web standards to give the user control over when a new version was downloaded too.
So, I need to get the software over SSL, and be able to verify within reason that it does what it is supposed to, and then use that trusted software to work with data which I can store on untrusted services.