[liberationtech] Browser extensions or native application for crypto? Was: Whiteout OpenPGP.js encrypted mail client (Chrome HML5 App)

Tony Arcieri bascule at gmail.com
Thu Jan 23 17:55:04 PST 2014


On Thu, Jan 23, 2014 at 3:05 AM, Fabio Pietrosanti (naif) <
lists at infosecurity.ch> wrote:

> Browser extension could be hacked if they are unsafe, through the use of
> XSS-like attack techniques, by triggering an external payload into it
> (for example from a website visited by the user).
>

...but as long as they can't break out of the browser's sandbox, they can't
be used to compromise native applications.

So browser exploits affect:

1) Browser extensions and other in browser data


> Native applications could be hacked if they are unsafe, through the use
> of buffer/heap overflow like techniques, by triggering an external
> exploit payload (for example by sending an email to a
> thunderbird/enigmail target user).
>

But the browser is a native code application! So native code exploits
affect:

1) Browser extensions and other in browser data
2) Native applications

> So, my personal feeling is that chrome browser extensions can provide a
> better secure environment for crypto applications than the native ones.


No, browser extensions have *more attack surface* than native applications.
If you're pwned at a native code level, everything you're doing in browsers
is vulnerable too.

Provided you are able to obtain a good build of a well-audited native
crypto app, it's sandboxed from browser-based attacks via the browser.

If you are able to obtain a good build of a well-audited Chrome extension,
it's still potentially susceptible to browser-based attacks.

In either case, if the crypto software itself is compromised, it's
effectively game over. Using a native code app will airgap you from
browser-based attacks (kind of)

-- 
Tony Arcieri