Sam Roberts schreef op 03-11-14 om 21:50:
> On Mon, Nov 3, 2014 at 11:00 AM, Tim Kuijsten <
in...@netsend.nl> wrote:
>
>>> Tim, is your server storing passwords in plain text? If so, that's
>>> probably your biggest security problem.
>>
>> Hi Sam, yes, but I'll use a file that only the superuser can read.
>
> That's what i meant, anyone who roots your server owns your passwords.
> Check out SRP, or more modern equivalents:
>
http://en.wikipedia.org/wiki/Password-authenticated_key_agreement
This PAKE looks interesting, though I'll save it for another day.
It's perfectly fine to run the server I'm currently building without
listening on a public interface at all. Furthermore it has both a client
and a server in it and for a lot of users it will be sufficient to run a
server only or a client only (I guess a peer would be a better name).
The plain text passwords are only needed in the client part, since the
server currently hashes them using bcrypt. This makes it impossible to
grab all passwords at once from a "server-only" installation.
For those users that do choose to run a publicly accessible server I'm
taking extra measures to mitigate the general risks that come with
running a public server (since making V8, libuv etc. reachable over the
internet will extend the attack surface significantly).
>
> chrooting and dropping is a good thing, but its not like no attacker
> has ever gotten out of a chroot jail, or just decided the http server
> wasn't the weakest link, and got in some other way. If you are going
> through this trouble, you may want more depth to your defence.
You're right that escaping a chroot is often not impossible. The nice
thing about a chroot though is that it's pretty universal (well, at
least on POSIX systems) and not a Linux or other OS specific thing. And
I'm told that when it's done right, it's extremely hard or even close to
impossible to escape (it's heavily used on OpenBSD for example, a system
I trust). Ofcours, the chroot npm needs more refinement before I'm
confident it can give such guarantees.
The privilege separation is mainly to mitigate the risks that the server
I'm building is adding to you're infrastructure, not about mitigating
any other risks a certain server might already have that is unrelated to
running my software.
>
>>> Have you considered OAUTH, so that passwords don't flow through your
>>> server at all?
>>
>> Given the controversy around oauth2 [4]
>
> One loud critic doesn't equate to a controversy. And there is both
> OAUTH and OAUTH2. They only work for web-clients, of course, so may
> not be appropriate for your use. No keying material on your server has
> some nice security properties.
I agree on the "No keying material on your server has some nice security
properties" proposition.
Although unrelated, this reminds me of some interesting things that are
done at Twitter when utilizing forward secrecy on multiple front-end
servers "You need to generate session ticket keys randomly, distribute
them to the servers without ever touching persistent storage and rotate
them frequently."
https://blog.twitter.com/2013/forward-secrecy-at-twitter
Thanks,
Tim
>
> Cheers,
> Sam
>