Fwd: That great security problem...

[David Faure]

----------  Forwarded Message  ----------

Subject: That great security problem...
Date: Sunday 08 August 2004 09:41
From: Arnt Gulbrandsen <arnt at gulbrandsen.priv.no>
To: David Faure <faure at kde.org>

Hi David,

I'm sure you're aware of all the phishing that's going on at the moment. 
Every browser's vulnerable if its user is stupid enough, and all humans 
are (at least sometimes).

I think it's possible to almost kill the problem. Even though the 
problem is about social engineering, I have a technical barrier that'll 
almost kill it.

It's a two-part approach:

1. When Konqueror logs in to a TLS-secured web site, it should store the 
certificate and the MD5 hash of the password.

2. When Konqueror is about to send a password, it should do the MD5, see 
if that password has been used with a TLS site, and if so, check that 
that same certificate is valid for the site that will receive the 
password.

In effect, if you log in to your bank with password 54738591 and you 
later reuse the same password elsewhere, Konqueror should pop up a 
dialog saying: "Warning: The same password has also been used with <TLS 
cert owner>, which does not own/secure <web site>. Are you sure you 
want to use it with <web site>?"

I know about kwallet, and I think this is NOT a job for kwallet. kwallet 
is optional and has disadvantages (storing passwords outside my brain). 
People who won't use kwallet should still be protected against 
phishing.

Feel free to forward this appropriately. I sent it to you based on your 
description in the konq about box.

Arnt



-------------------------------------------------------

-- 
David Faure, faure at kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).