Subj : Binkd and TLS
To   : Richard Menedetter
From : Michiel van der Vlist
Date : Tue Dec 17 2019 04:10 pm

Hello Richard,

On Tuesday December 17 2019 14:31, you wrote to me:

RM> But this does not make it less standard, only less used. You can
RM> import a client certificate into Firefox and other browsers for a long
RM> period of time. And you can use this as a more secure means of
RM> authentication.

OK, "less used" describes it better than "non standard".

RM>>> But naturally then every client needs a signed certificate, and
RM>>> the server needs to verify that client certificate.

MV>> Indeed. And what is the added value of that?

RM> There is potential value. (eg. passwords can be very easy to guess ...
RM> toor, passw0rd, ...)

That is not a shortcoming of the protocol, it is a shortcoming of the user.

RM> client certificates are much more secure than eg. 8 digit passwords.

Binkd session passwords are not limited to 8 characters. I just tried a 25 byte
string and it functions. I say "bytes" because I inserted a cyrillic UTF-8
character. Changing the last byte results in a password error, so all bytes are
used. Case sensitive. I don't know what the limit is, but it is at least 25.

A properly choosen 25 byte string is impossible to guess I'd say. A brute force
attack won't work very well with binkd either. So I don't think that part of
binkd can be considered "weak".

RM> I doubt that that added value is "worth it" in fidonet, where many
RM> people used ancient software, and only a small minority is interested
RM> to roll out new features.

Frankly I see no significant added value at this point. It just adds
overhead...

MV>> Binkp's CRYPT protects against unauthorised listeners on the
MV>> channel. I am not aware of binkp's security being compromised.

RM> I am also not aware of it. But you have to admit that security
RM> researchers have more prestigeous targets then binkd crypt. (So I
RM> assume that it was never really challenged and analyzed.)

Yes, there is that. It was probably never really challenged.

RM> Breaking TLS gains you lots of $$$, so many people try it. (without
RM> any knowledge of then being successful.)

I suspect it is already boken by government agencies. Those are the ones that
have the resources...

MV>> Plus that I still wonder what we are protecting against whom. Do
MV>> we really need 10 cm armour and triple locks to protect Fidonet
MV>> content?

RM> Why not? ;)
RM> Using binkp in a stunnel definitely will not weaken the security.

Not if you do it right. If you do it wrong....

RM> (eg. if you break the stunnel, you still are left with the same binkp
RM> stream that you would have had previously.) And adding a TLS option
RM> for clients that support it, will not be weaker than our existing
RM> crypt implementation.

Unless you use TLS not in addition to but instead of binkp session password and
CRYPT.

RM> So it is doable, and would benefit security from my point of view.
RM> But I do not think many people would use it.

Like I said before, I may give it a try just for the sake of the technical
challenge. I don't consider the added security of such magnitude that I'd start
using it large scale..

RM> The easiest target would be to have a second port where you can make
RM> stunnel connections. (this is not very practicable from my point of
RM> view, outside of PoC) Or the second easiest but more useable target
RM> would be to implement starttls and use it if both parties support it.
RM> (relying on passwords, not client certificates)

The Synchronet fans do not seem to like starttls, they want a diffrent port. So
we alreay have two competing standards...


Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20170303
* Origin: http://www.vlist.eu (2:280/5555)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.