Subject Re: [Firebird-Architect] RC4
Author Brad Pepers
On 2010-11-14, at 3:29 PM, Adriano dos Santos Fernandes wrote:

> On 14-11-2010 20:23, Jim Starkey wrote:
>> Is it your position that certificates should be part of the Firebird
>> security architecture, or this is just another random objection to doing
>> something?
> I understood it's being discussed a secure remote protocol. What you
> described is far from this because it's susceptible to one of the most
> common attacks: man in the middle.
> If I'm connecting on the server of man LAN and the side guy intercept
> the traffic since the connection start, he can sniff all the connection.
> Is this something out the requirements being discussed?
> You're scheme just protect established connections. It don't protect the
> connection start.

Every security scheme comes at a cost and the more secure you want it, the higher the cost. The cost can be in performance due to overhead in encryption and decryption. It can be cost in ease of use or ease of installation. It can be a cost in requirements such as needing an internet connection to work. So the goal is to discuss security schemes and figure out the level of security they give and at what cost. Evaluate and decide on the sweet spot.

What Jim described was a way to get a reasonable level of security at a very low cost. You get session encryption and secure password authentication with a small cost in performance (if using the session key to encrypt the rest of the communications) and the cost of some development time. But it is vulnerable to MITM attacks. This may be a very reasonable level of security for most people though.

To extend the method Jim gave to get around the MITM attacks is going to cost you a lot. Both in certificate management and needing a connection to a trusted third party. Certificate management also seems to be an area that is easy to get wrong and only be providing an illusion of extra security. If you decide to go this way, implementing a known protocol like SSL/TLS would be a good idea.

I've brought up SRP as another way to get security at a low cost which isn't vulnerable to MITM attacks but it is less generic than the method Jim gave so it may not be applicable to what Firebird needs.

In my experience the above two methods are the most common and understood. There may be others that someone else can present. I'm not really personally part of any of this. Just an area I'm interested in so thought I'd throw in some ideas!