strictly speaking, using SSL for all communications between the
browser and the server fix all MITM class of problems.
But the tampering of the code is a real problem, and we consider it
the most serious thread to the security of "zero-knowledge web
applications".
At the moment we do not have a definitive answer, as a final solution
needs some support from the browser vendors themselves, and we do not
have the strength to push it on our own.
But we are taking some steps in order to alleviate this problem:
- http://groups.google.com/group/clipperz/browse_thread/thread/22c7cff41adf9b3a
- http://groups.google.com/group/clipperz/browse_thread/thread/345fede042104438
- http://www.clipperz.com/reviewing_the_code/checksums
- http://www.clipperz.com/learn_more/crypto_foundations (look at the comments)
- http://www.clipperz.com/users/marco/blog/2007/08/24/anatomy_zero_knowledge_web_application
(section 2: Hide nothing)
None of these are very user friendly, but at least the serve the
purpose of drawing some line to start understanding the exact
specification of the problem that needs to be tackled.
I hope this helps answering your concerns.
Best regards,
Giulio Cesare
Hello,
strictly speaking, using SSL for all communications between the
browser and the server fix all MITM class of problems.
But the tampering of the code is a real problem, and we consider it
the most serious thread to the security of "zero-knowledge web
applications".
At the moment we do not have a definitive answer, as a final solution
needs some support from the browser vendors themselves, and we do not
have the strength to push it on our own.
On Tue, Aug 5, 2008 at 9:45 AM, X Ryl <boite.p...@gmail.com> wrote:
> Well,
>
> If you have SSL, I guess Clipperz's authentication is not so useful.
Mhhh. SSL does not provide any option to identify which user is trying
to access the Clipperz data; it "simply" protect the communication
channel between the Clipperz's server and the user's browser.
The authentication protocol allows us to identify who is trying to
access the data and verify that he owns the right credentials to do
so.
Anyway ... see my comments below.
> On Mon, Aug 4, 2008 at 9:03 AM, Giulio Cesare Solaroli
> <giulio...@gmail.com> wrote:
>>
>> Hello,
>>
>> strictly speaking, using SSL for all communications between the
>> browser and the server fix all MITM class of problems.
>>
>> But the tampering of the code is a real problem, and we consider it
>> the most serious thread to the security of "zero-knowledge web
>> applications".
>>
>> At the moment we do not have a definitive answer, as a final solution
>> needs some support from the browser vendors themselves, and we do not
>> have the strength to push it on our own.
>
> I've been looking into this issue for a while now, and I might have a
> beginning of a secure answer.
>
> First "solution", use Flash and ActionScript.
>
> [...]
>
> This means that if you can get an initial file that wasn't modified by an
> evil hacker, the next files will automatically be secured.
The whole Clipperz application is served as a single include all file
(HTML + JS + CSS + images are all included in the index.html file); so
if we can solve the "initial file" problem, we are already done.
> The initial file could be served on a shared webserver with SSL, or send in
> a PGP email, so it can't be modified. (SSL server will not have to handle
> authentication)
Given how browser security works, if you want to access the Clipperz
application with Javascript, you need to serve it from Clipperz
servers. So your suggestions do not provide much benefit, as far as I
can see.
> Second "solution", with only current javascript implementation and standard
> browser:
>
> This one is a bit more technic, so please ask if I'm not clear enough:
[Disclaimer: I have read your suggestion not very carefully, so feel
free to correct me if I got something wrong]
> 1. The server serves a static HTML containing:
> a. A basic form and a page layout the user is expected to see
> b. Uncyphered JS code (containing hashing and decryption/encryption
> code like AES/RSA)
> c. Cyphered JS code (containing cyphered primitives) with the expected
> user key (there might be an issue here, see *1)
> [...]
However you want to pack your data/algorithm etc... if you are going
to serve some crypto algorithm via web, you immediately fall back to
the first point where you need to verify that the algorithms are
legitimate and have not been compromised.
Anything that relies upon the outcome of an untrusted algorithm is
basically not trustable.
> Let me know if you see any hole in this algorithm.
If you believe that your suggestion is immune from this observation, I
will try to dig deeper into the details, because I have obviously
missed something.
Best regards,
Giulio Cesare
Hello Cyril,
Mhhh. SSL does not provide any option to identify which user is trying
On Tue, Aug 5, 2008 at 9:45 AM, X Ryl <boite.p...@gmail.com> wrote:
> Well,
>
> If you have SSL, I guess Clipperz's authentication is not so useful.
to access the Clipperz data; it "simply" protect the communication
channel between the Clipperz's server and the user's browser.
The authentication protocol allows us to identify who is trying to
access the data and verify that he owns the right credentials to do
so.
Anyway ... see my comments below.
> [...]
> On Mon, Aug 4, 2008 at 9:03 AM, Giulio Cesare Solaroli
> <giulio...@gmail.com> wrote:
>>
>> Hello,
>>
>> strictly speaking, using SSL for all communications between the
>> browser and the server fix all MITM class of problems.
>>
>> But the tampering of the code is a real problem, and we consider it
>> the most serious thread to the security of "zero-knowledge web
>> applications".
>>
>> At the moment we do not have a definitive answer, as a final solution
>> needs some support from the browser vendors themselves, and we do not
>> have the strength to push it on our own.
>
> I've been looking into this issue for a while now, and I might have a
> beginning of a secure answer.
>
> First "solution", use Flash and ActionScript.
>
>The whole Clipperz application is served as a single include all file
> This means that if you can get an initial file that wasn't modified by an
> evil hacker, the next files will automatically be secured.
(HTML + JS + CSS + images are all included in the index.html file); so
if we can solve the "initial file" problem, we are already done.
Given how browser security works, if you want to access the Clipperz
> The initial file could be served on a shared webserver with SSL, or send in
> a PGP email, so it can't be modified. (SSL server will not have to handle
> authentication)
application with Javascript, you need to serve it from Clipperz
servers. So your suggestions do not provide much benefit, as far as I
can see.
[Disclaimer: I have read your suggestion not very carefully, so feel
> Second "solution", with only current javascript implementation and standard
> browser:
>
> This one is a bit more technic, so please ask if I'm not clear enough:
free to correct me if I got something wrong]
> [...]
> 1. The server serves a static HTML containing:
> a. A basic form and a page layout the user is expected to see
> b. Uncyphered JS code (containing hashing and decryption/encryption
> code like AES/RSA)
> c. Cyphered JS code (containing cyphered primitives) with the expected
> user key (there might be an issue here, see *1)
However you want to pack your data/algorithm etc... if you are going
to serve some crypto algorithm via web, you immediately fall back to
the first point where you need to verify that the algorithms are
legitimate and have not been compromised.
Anything that relies upon the outcome of an untrusted algorithm is
basically not trustable.
If you believe that your suggestion is immune from this observation, I
> Let me know if you see any hole in this algorithm.
will try to dig deeper into the details, because I have obviously
missed something.
Best regards,
Giulio Cesare
I will take a closer look at this whole tread to understand better
your suggestions, as there is still something I am definitely missing.
Thank your very much for the attention.
Best regards,
Giulio Cesare