bitauth icon indicating copy to clipboard operation
bitauth copied to clipboard

Published 20 hours ago verified publisher icon bitpay

Test Server should keep track of nonce

Open martindale opened this issue 10 years ago • 5 comments

As per #12, the included test server should reject requests that that do not correctly include a nonce.

martindale avatar Jul 06 '14 18:07 martindale

I looked at the code today after seeing the korben post, wondered a little time about the treatment of nonces, was about to send a mail to [email protected] then saw this already has an issue. So posting here instead.

Could you also provide a clean treatment for nonces ? I don't feel it's an easy task. For example, Client Side : how do you choose the nonce to send from the client side, so that it won't be rejected by the server ? How to do so from multiple browser tabs ? Once you have resolved the two above problems : How do you keep the nonce small (so that you can compare and store it fast ? ) If you make the nonce finite size, how do you handle the finite size of the nonce (once there are no more nonce ? (new SIN creation ? )

Server Side How to store the nonce ? It seems to me that we need a transactionnal (no mongo here, or traditional session no-sql store) persistent store. How can we use this with a distributed architecture ? Does "bitauth" break REST architecture ?

Additional note (my current view of the problem ): It seems to me that bitauth is just (not) implementing a nonce mechanism over standard Elliptic Curve Cryptography authentification. It seems to me it doesn't implement "perfect forward secrecy", so that for me : using bitauth < encrypting with ECC an http request then sending this request over SSL < over SSL : using ECCDH to create a temporary session key from stored public keys then using this keys to encrypt with and http request then sending < NOT DOING CRYPTOGRAPHY IN JS IN THE BROWSER until there is proper browser module support.

darkblue346 avatar Jul 07 '14 12:07 darkblue346

Why don't we forget having the client pick the nonces?

  • User requests access
  • Server issues nonce challenge
  • User signs nonce, returns signature and public key
  • Server checks signature, checks if public key / SIN is allowed access to requested resource

Maybe I'm missing something, but it seems like we could get away without having to remember anything for longer than a session (just issue a new random number), and it avoids the possibility of someone intercepting a previous signature for a higher nonce and using that to login.

illuzen avatar Aug 06 '14 13:08 illuzen

@snakecharmer1024 It's almost a month since I looked to bitauth, so I may have not understood you. Even if "User requests access" is encrypted, it is still subject to replay attacks. And it seems your solution need one more round-trip every time, which will have to be handled by the common developper.

darkblue346 avatar Aug 06 '14 21:08 darkblue346

@darkblue346 Ok I think I see what you mean. Like this?

  • User requests access over SSL
  • Server issues nonce challenge
  • User signs nonce, sends signature and public key
  • Attacker intercepts message and resends it, gaining access
  • User is unable to access due to attackers access

Is that roughly what you mean? This stuff is challenging to think about clearly.

illuzen avatar Aug 07 '14 07:08 illuzen

@martindale is this still relevant

braydonf avatar Jan 07 '15 01:01 braydonf