On Thu, Aug 07, 2014 at 11:44:03PM +0200, Till Maas wrote:
On Thu, Aug 07, 2014 at 05:33:38PM +0200, Pierre-Yves Chibon wrote:
> The key ideas are:
> ==================
> * the username, password and OTP are not sent in the same request (otherwise, if
> $attacker intercept this request, $it has all the info at once)
What kind of attacker is able to only intercept this one request, but
cannot intercept the second request as well? This assumed threat seems
to lead to more complexity which might allow for more errors without an
obvious gain in security from what I can see.
So I just discussed this with Kanarip again.
The idea is to decouple the username/password from the OTP so that if you have
10 requests at the same time, then it's harder for the MITM to correlate which
OTP refers to which username/password sent before.
To do the two requests and still have the correlation on the server side which
OTP belongs to which username/password, Kanarip had two propositions:
- Keep the connection open and send the second requests
- Provide to back from username/password a one time token that will be returned
with the OTP
On the other side, Kanarip did say it's all a matter of compromise and we just
need to make a tradeoff on what we want and which risk we're ready to take.
Pierre