[tor-talk] Ideas to securely implement PGP encryption/decryption

Mike Perry mikeperry at fscked.org
Tue Oct 11 05:47:09 UTC 2011


I more or less give this plan my stamp of approval. Just mind the
gaps, and careful with NPAPI! I am able to review and advise XUL+XPCOM
code for security.. But for NPAPI, we'll need someone else.

Anyone on-list have any expertise with processing untrusted DOM
data in NPAPI, and then rendering output safely in browser windows?
Sounds like a minefield to me, but perhaps it's safer and easier than
I expect?


Thus spake Fabio Pietrosanti (naif) (lists at infosecurity.ch):

> Hi all,
> 
> i understand all the doubt from Mike and Ransom about the possible
> exposure of user's security trough the exposure of functionality that
> can be "called by a remote web-application".
> 
> This is an idea to mitigate most possible security issues:
>  * Put the encryption functionality into the hands of user actions
>  * Provide minimal interaction between Javascript/XUL functionalities
> 
> Basically a user would like to encrypt/decrypt/sign:
>  - text form
>  - file uploaded/downloaded
> 
> That kind of actions could be implemented like explicit actions that the
> user have to take.
> * Text form Encryption
>  - Right click on web/text form -> Encrypt/Decrypt
> 
> * File Encryption
>  - Upload Box can provide an option (in the file browsing window) to Encrypt
>  - Download Box can detect if it's encrypted, and provide an option to
> Decrypt (in the file download box)
> 
> This would work without any server-side
> invocation/manipulation/whatsoever trough client-side code that could
> expose vulnerabilities.
> 
> That way there will be a "user firewall" between the encryption
> functionality and the possible active content coming from the server
> mitigating the risks of possible XUL/XSS and other attacks coming from
> active-javascript calling XUL.
> 
> Also Key Management functionality could stay off protected by making a
> proper section (XUL) under Firefox options/menu that the user can use.
> 
> No code coming from the web would be allowed to interact with the
> plug-in but the end-user will still have all the encryption features
> under his power, usable in a modern web-based world.
> 
> What do you think?
> 
> -naif
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111010/7e522a8f/attachment.pgp>


More information about the tor-talk mailing list