[liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net

coderman coderman at gmail.com
Sun Jan 19 08:19:30 PST 2014


On Sun, Jan 19, 2014 at 4:23 AM, carlo von lynX
<lynX at time.to.get.psyced.org> wrote:
> ...
>> The highest level of "this feature" would be if this "Mock JS" could have
>> full WebRTC functionality ;)
>
> Dunno, WebRTC is so prone to MITM.
> I'd rather have something secure.


as mentioned before, do WebRTC over private address space, like IPv6
ORCHID identifiers based on cryptographic identities.  then you can
easily move sensitive crypto outside the browser, (outside current
user, even outside current domU).  in the case of hidden services,
you'd map to onions for TUN endpoints which bring up ORCHID
identifiers based on hidden service private key digest.

if browser is hacked sideways, you expose ephemeral context of current
browser process, history, sessions, cache, etc, but keep long lived
keys and identities protected outside the dirty cesspool that is your
browser swimming naked in sewage.
 (aka: contemporary software using data networks built without your
interests at heart)

for the Tor example:
- Qubes dom0 (ring -X): handles launching the following VMs which
together implement the system discussed:
- Disposable Chromium/FFox VM supporting WebRTC, DNS AAAA petnames->ORCHID IPv6
- FirewallVM which forces all traffic over hidden address space to
ORCHIDvm, or drops it. (and prunes much needless IPv6 *cast chatter)
- ORCHIDvm maps incoming IPv6 connections and AAAA lookups to Tor
hidden services, and forces all upstream traffic over Tor or drops it.
 this is where the ORCHID tun device lives and is bound.
- TorVM runs the Tor client/relay and hidden services; any control
port access via domU console, not remote.
- NetworkVM finally delivers the intended data to and from the
selected network device preferably using VT-d/IOMMU extensions to
isolate this network device from other devices or domUs.


^- this is how i would prefer to use a browser :)


pointing the browser at localhost is a similar intent and separation,
as demonstrated and discussed by Tony Arcieri in cryptosphere.


best regards,



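The mapping the message above assigns to the ORCHIDvm, as an added example that is not part of the original post or anyone's existing code: it derives an ORCHID IPv6 address from a key digest following RFC 4843 (prefix 2001:10::/28 plus the middle 100 bits of SHA-1 over context ID and input), then resolves destinations to onions or drops them. The context ID, the `OrchidMap` class, the onion name and the key digest are all constructed for illustration.

```python
import hashlib
import ipaddress

# RFC 4843 (ORCHID v1): prefix 2001:10::/28 followed by 100 bits of hash.
ORCHID_NET = ipaddress.IPv6Network("2001:10::/28")
# Constructed 128-bit context ID (assumption); a deployment would pick its own.
CONTEXT_ID = bytes.fromhex("00112233445566778899aabbccddeeff")


def orchid_from_digest(key_digest, context_id=CONTEXT_ID):
    """Prefix | Encode_100(SHA-1(context_id | input)); Encode_100 = middle 100 bits."""
    h = int.from_bytes(hashlib.sha1(context_id + key_digest).digest(), "big")
    middle = (h >> 30) & ((1 << 100) - 1)  # 160-bit hash: skip 30 low bits, keep 100
    return ipaddress.IPv6Address(int(ORCHID_NET.network_address) | middle)


class OrchidMap:
    """Hypothetical lookup table for the ORCHIDvm role: ORCHID address -> onion."""

    def __init__(self):
        self._by_addr = {}

    def register(self, onion, key_digest):
        addr = orchid_from_digest(key_digest)
        self._by_addr[addr] = onion
        return addr

    def route(self, dst):
        """Return the onion name to hand to Tor, or None, meaning drop."""
        try:
            addr = ipaddress.IPv6Address(dst)
        except ValueError:
            return None  # not IPv6 at all
        if addr not in ORCHID_NET:
            return None  # outside the private ORCHID space: never forwarded
        return self._by_addr.get(addr)  # unknown identity: drop


if __name__ == "__main__":
    # Constructed sample values, not a real service or key.
    digest = hashlib.sha1(b"constructed hidden service key").digest()
    table = OrchidMap()
    addr = table.register("exampleexampleex.onion", digest)
    for dst in (str(addr), "2001:10::1", "2001:db8::1", "192.0.2.7"):
        print(dst, "->", table.route(dst) or "DROP")
```

Because the address is a function of the key digest alone, the browser VM only ever sees the IPv6 identifier; the key material stays in the VM that holds it.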