From: Bwig Zomberi on
Johannes Baagoe wrote:
> Bwig Zomberi :
>
>
>> A neat solution.>:)
>
> Dr Stockton's idea, actually. I hadn't thought of it before. I am not
> sure it is useful, either...
>> For adequate logging, you might add that a XHR is made to the server
>> after successful decryption.
>
> Quite. It is only a proof of concept, and if it is ever to serve
> a useful purpose, there is a lot to add and to tidy.
>
> But it refutes the categorical statement of the FAQ.

So, the FAQ should say that while it is possible to do it on the
client-side (browser), it is not the recommended way. The web
application should be in control. Server-side code should authenticate
access. Sending encrypted content to unauthorised users would make the
content susceptible to brute-force and weakness attacks.




--
Bwig Zomberi
From: Johannes Baagoe on
Bwig Zomberi :

> So, the FAQ should say that while it is possible to do it on
> the client-side (browser), it is not the recommended way. The web
> application should be in control. Server-side code should authenticate
> access. Sending encrypted content to unauthorised users would make
> the content susceptible to brute-force and weakness attacks.

I am not prepared to say anything that general. For a few pages
only meant for friends and family, this kind of solution could well
be the most convenient way to ensure privacy. It does not require
root access to the server, nor .htaccess files or similar, nor any
particular application. It could be made quite easy to implement by
anyone with minimal skills, the kind of thing anyone can do on his
homepage. And *if* the crypto part is good (I haven't checked it
intensively) and the passwords strong, it should be quite safe.

On the other hand, if the secrets are really important, nothing
can possibly replace competent professional advice and some rather
annoying procedures. Real security is a global culture, not a mere
technology. Life is much easier if one can avoid it, but if one cannot,
there is no easy solution, whether server-side or client-side or both.

Frankly, I don't know. I could probably say more if I had a better view
of what, exactly, the supposed poster of the Frequently Asked Question
has in mind. Given the vague and general nature of the question, I
cannot say if he should be warned not to try, or whether a solution
can be proposed, with the appropriate caveats.

--
Johannes
From: Ry Nohryb on
On May 13, 12:52 pm, Johannes Baagoe <baa...(a)baagoe.com> wrote:
> Ry Nohryb :
>
> >Johannes Baagoe :
> >> Maybe an hour or two will be enough, if it is acknowledged that
> >> the security seems to be adequate after all :)
> > $1k? :-D
>
> No, no, that is VK, and it is $10k :) (Maybe, when he started on
> Shannon's Clairvoyant being used by professional cryptographers,
> I should have mentioned that I happen to have been one, with an
> "Autorisation administrative d'usage, de détention et de fourniture
> d'armes de guerre de deuxième catégorie" to prove it.)
>
> > I'd like to try a brute force attack with a bookmarklet and
> > webworkers, but, for that, could you please add there if you don't
> > mind, in that same page, another "secret" that uses a short pwd
> > (say 3 or 4 chars no more) that only contains a..z, A..Z and
> > 0..9 ? It's just an experiment...
>
> OK, done. 4 chars.

Coov,***** This, I agree, is no real security :)

:-))

(function (v) {
function newVector (v, baseChars) {
v.__proto__= {
baseChars: baseChars,
base: baseChars.length,
getKey: function () {
var key= "";
var i= this.length;
while (i--) {
key= this.baseChars[this[i]]+ key;
}
return key;
},
inc: function () {
var i= 0, resto;
do {
if (resto= (this[i]+= 1) >= this.base) this[i]= 0;
} while ((++i < this.length) && resto);
return this;
},
dec: function () {
var i= 0, resto;
do {
if (resto= (this[i]-= 1) < 0) this[i]= this.base-1;
} while ((++i < this.length) && resto);
return this;
}
};
v.__proto__.__proto__= Array.prototype;
return v;
}

var stat= document.getElementById('idStatus') ||
document.body.appendChild(document.createElement('pre'));
var vector= newVector(v,
"6WNtRvp3ThXgJIjSZxVb2m5saA4KfdCoBnHeOy7D8cz9LYlPkiMUuE1qQw0rGF".split(""));
var n= 0;

(function loop () {
var key= vector.getKey();
var txt= AesCtr.decrypt(crypt0, key, 256);
if (txt.substring(0, 5) === '*****') {
alert([key, txt]);
return;
}
if (!(++n % 100)) {
stat.innerHTML= [n, "[ "+ vector+ " ]", key];
setTimeout(loop, 0);
return;
}
vector.inc();
loop();
})();

})([0,0,0,0]);
--
Jorge.
From: Johannes Baagoe on
Ry Nohryb :

> Coov,***** This, I agree, is no real security :)

Well done !

Now, what about the real password ? Shall I post it, or does anyone want
more time to try ?

--
Johannes
From: Ry Nohryb on
On May 13, 12:52 pm, Johannes Baagoe <baa...(a)baagoe.com> wrote:
> Ry Nohryb :
>
> >Johannes Baagoe :
> >> Maybe an hour or two will be enough, if it is acknowledged that
> >> the security seems to be adequate after all :)
> > $1k? :-D
>
> No, no, that is VK, and it is $10k :) (Maybe, when he started on
> Shannon's Clairvoyant being used by professional cryptographers,
> I should have mentioned that I happen to have been one, with an
> "Autorisation administrative d'usage, de détention et de fourniture
> d'armes de guerre de deuxième catégorie" to prove it.)
>
> > I'd like to try a brute force attack with a bookmarklet and
> > webworkers, but, for that, could you please add there if you don't
> > mind, in that same page, another "secret" that uses a short pwd
> > (say 3 or 4 chars no more) that only contains a..z, A..Z and
> > 0..9 ? It's just an experiment...
>
> OK, done. 4 chars.

Coov,***** This, I agree, is no real security :)

:-))

(function (v) {
function newVector (v, baseChars) {
v.__proto__= {
baseChars: baseChars,
base: baseChars.length,
getKey: function () {
var key= "";
var i= this.length;
while (i--) key= this.baseChars[this[i]]+ key;
return key;
},
inc: function () {
var i= 0, resto;
do {
if (resto= (this[i]+= 1) >= this.base) this[i]= 0;
} while ((++i < this.length) && resto);
return this;
},
dec: function () {
var i= 0, resto;
do {
if (resto= (this[i]-= 1) < 0) this[i]= this.base-1;
} while ((++i < this.length) && resto);
return this;
}
};
v.__proto__.__proto__= Array.prototype;
return v;
}

var stat= document.getElementById('idStatus') ||
document.body.appendChild(document.createElement('pre'));
var vector= newVector(v,
"6WNtRvp3ThXgJIjSZxVb2m5saA4KfdCoBnHeOy7D8cz9LYlPkiMUuE1qQw0rGF".split(""));
var n= 0;

(function loop () {
while (++n % 100) {
var key= vector.getKey();
var txt= AesCtr.decrypt(crypt0, key, 256);
if (txt.substring(0, 5) === '*****') return alert([key, txt]);
vector.inc();
}
stat.innerHTML= [n, "[ "+ vector+ " ]", key];
setTimeout(loop, 0);
})();

})([0,0,0,0]);

(Slightly better than the one in my previous post: no recursive calls
to loop())
--
Jorge.