[OpenAFS] Open AFS, SSL and wireless security.

Tim O'Callaghan tim.ocallaghan@limestudios.com
Thu, 3 Jul 2003 11:33:48 +0100


> "Tim O'Callaghan" <tim.ocallaghan@limestudios.com> writes:
> 
> > If the UK government wanted info from my machine, they
> would come and
> > take my machine. Hmm... Have to think about what would
> happen if someone
> > 
> > stole my machine... But anyway the threat model here is domestic.
> 
> Ok, so you're talking about your neighbor, which about the
> same number of resources as you have... Ok..
> 
> > Depends... Approx how many transmissions do you need to
> have a crack
> > at a long term key?
> 
> Probably on the order of 2^80 (give or take) for a 3des/aes
> long-term key...  Note that this happens about once every 10 
> hours per user, so isn't very likely.
> 
> The "AFS long-term key" is used for each RX connection at
> connection setup time.  This, unfortunately, is a 1DES key so 
> it only needs about 2^50 (give or take) connection setups -- 
> however that doesn't happen very frequently, either.
> 
> Then there is the "AFS Session Key", which is used to
> authenticate and encrypt the data.  This key is only valid 
> for 8-10 hours and is again a 1DES size key.  How much data 
> are you sending in 8-10 hours?
> 

So what you're saying is i might expect trouble in say 1,285 billion
years?

> Also, how much computation power do you expect your neighbor to have?
> 

I'm assuming my neighbour doesn't have access to a large node Beowulf
cluster, quantum computer, or  advanced alien technology... yet :)

> > > This depends on your actual threat model.  Could the NSA do
> > > it?  Yea. But they could also do it with SSL, too ;) 
> > > Could your neighbor? HIGHLY unlikely.  
> > My neighbour represents a constant threat, as they will be 
> there for 
> > the long term, and hence have much more of an opportunity to have a 
> > crack at it. Would they? no idea.
> > Could they? assuming i patch regularily, as you say highly 
> unlikley. But
> > in general, i prefer to be on the moderate side of 
> paranoid, more of a
> > hobby than a career :)
> 
> See, that appears to be your problem..  No offense, but 
> you're being paranoid without actually understanding the risks.  :(
> 

True, which is why I asked. Sorry if it started to wander off topic, but
I wanted to know if AFS would encrypt the file the during transfer "out
of the box". 
For my current application, a secure authentication scheme is needed,
but if the file isn't secured during transfer then it becomes pointless.


> > By my way of thinking (again I'm only a layman) they'd have to crack

> > my SSL and then have a crack at openAFS & Kerberos(?)
> 
> Nope, it doesn't work that way.  They can just collect all 
> your traffic and work on it later.  Once they break your SSL 
> key they go back and have all your other data in storage -- 
> so now they go an work on that.
> 

I had assumed this. I mentioned it because i thought it would serve to
encrypt actual file transfer. The fact it would increase the time needed
to gain access by another hundred billion years or so, is a bonus.

> ALL of this is extremely unlikely.  I would bet a dollar to a 
> dime that that 95% of all neighbors out there would give up 
> as soon as they saw WEP, and 99% (or more) of all neighbors 
> would give up if data was encrypted in ANY way at the next level).
>
> Seriously, _ANY_ real encryption (I'll admit that WEP isn't 
> real) is "good enough" against your neighbor, unless your 
> neighbor happens to be in the NSA.  I'll even go so far as 
> saying that WEP (even though it IS broken) is useful against 
> most neighbors...
> 

After seeing the figures above, I agree. I shall have to do some more
serious RTFM on cryptography. As for WEP, the fact it IS broken is the
reason i have been asking these questions. No need to be complacent when
i can easily fix the problem using a working encryption scheme.

> So, in my expert opinion: Kerberos and AFS is "good enough" 
> to protect you from your neighbors.
> 

Thanks for putting my mind at ease... 

Tim.