Passmark technology tries to solve the machine authentication problem
using encrypted cookies. The idea looks good, but I don't know how
safe it is.
One thing I forgot to explain is why storing secrets is a
vulnerability. Here is my $ 0.0002
Mutual authentication requires stored secrets on both systems. Stored
secrets and the applications that use them are vulnerability. Why???
By definition stored secrets must be stored in persistent storage.
Traditionally the options for storing these secrets were:
1) In applications. But applications may be reversed-engieered to
reveal the secret
2) In file system /databases. Needs another key to ecrypt these
databases. Now where do you store the new key that encrypts the
database that holds the 1st key? This is where the tokens and USB
cryptogaphics devices helped.
3) Obfuscating. This has proven to be unsecure
A software only solution can not address the above issues. Need
hardware. Thus the need for TPM, which stores the keys in temper-proof
hardware chip. TPM provides cryptographic engine. The keys don't have
to leave the TPM. Only the authorized applications can get the data
decrypted using TPM.
--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------
-------------------------------------------------------------------------
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------
