-
-
Notifications
You must be signed in to change notification settings - Fork 171
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
protect against mitm attacks #198
Comments
I don't want to go down the route of ssh and having to verify host fingerprints and such, so here are a few better options that rely solely on the shared secret: In the meantime, this is seriously mitigated by r1981 which encrypts all traffic except for the initial hello packet. A mitm attacker can still intercept and forward all traffic between the client and server, but since the AES key is derived from the secret, the attacker has no way of decrypting the traffic, and no way of modifying it either. |
2012-10-13 15:21:26: lindi commented
|
meh - I don't really like ssl, the whole certificate business is complicated, it would take some effort to do this right and to document how to set things up properly. I like SPEKE: "Unlike unauthenticated Diffie-Hellman, SPEKE prevents man in the middle attack by the incorporation of the password. An attacker who is able to read and modify all messages between Alice and Bob cannot learn the shared key K and cannot make more than one guess for the password in each interaction with a party that knows it." It's simple and effective. We're not far off that, modifying our code to accommodate it shouldn't be too hard. |
2012-10-13 15:44:27: lindi commented
|
2012-10-13 16:01:54: lindi commented
|
Great read thanks. We're safe from padding oracle, and none of the data is under user control (although as discussed previously, the key's salt is), I chose The good thing is that we don't have to do anything with the transport at all, unlike EAP, SPEKE relies on just one random integer sent across from both ends. Shame that there is nothing in python for doing AES CCM Mode. |
2012-10-14 12:18:18: antoine commented
|
2012-10-16 14:35:57: lindi commented
|
2012-10-21 04:40:20: mvrable commented
|
2012-10-21 05:22:37: antoine commented
|
2012-11-08 00:20:27: mvrable uploaded file
|
2012-11-08 00:25:16: mvrable commented
|
2012-11-15 03:39:56: antoine commented
|
2013-02-11 16:31:04: antoine commented
|
2013-03-20 14:23:05: antoine commented
|
2013-05-16 14:27:52: antoine commented
|
2013-05-20 05:27:15: mvrable commented
|
2013-07-11 17:52:16: antoine commented
|
2013-09-13 06:41:19: antoine commented
|
2014-05-29 16:54:10: gschwind commented
|
FYI: the recent changes in trunk make the protocol class much easier to work with: the compression and encoding aspects have been moved to separate classes. The same should be done with the crypto bits, I have only moved the bare minimum so far. |
Too big a job, not a priority. |
2015-10-16 03:34:56: antoine commented
|
2015-11-14 13:35:48: antoine commented
|
SSL will do: #1252. See wiki Encryption for details. Note: if you can send your AES key to each end securely, the AES option is still probably still safer for most: figuring out how to configure SSL properly is hard. |
Originally recorded in #197 (only mildly related):
*1) Wait until a new client tries to connect and intercept
*2) Connect your own client to the server, obtain "challenge" from server
*3) Feed "challenge" to the original client, wait for "challenge_response"
*4) Feed "challenge_response" to the server and allow your own client to interact with the server
*5) Drop the original client
The text was updated successfully, but these errors were encountered: