Potential problems in the Saphe solution
  • It is theoretically possible that a fraudulent web server will attempt to mimic the Saphe dialog box in order to convince the user to enter his password. It is assumed that since an actual operating-system window (DialogBox in Windows) is used by the plugin, no web-based code will be able to create a similar visual effect. Future versions will create even more noticeable visual effects that will be harder to mimic.
  • Since the key derivation is relatively time consuming (> 1 second), it is theoretically possible to cause a server-side Denial of Service by sending multiple login requests. For each such request the server will be required to derive the key. If a sufficient number of such requests is pending, service may be denied to legitimate users. This scenario is not very likely, however, as a legitimate user name will have to be used in order to start the key-derivation process, and can therefore be blocked. Another prevention method is to limit the login attempts by any given user in a given time period.
  • It is possible for an attacker to use a valid user name in order to obtain encrypted Saphe data from the server and use offline password-enumeration tools in order to recover the password. Since the key derivation is relatively time consuming (> 1 second per password), it is assumed that if a strict password policy is enforced by the server then such enumeration is not feasible, or at least not worth the cost in time and resources.
  • It is assumed that the user's IP address remains constant (i.e., all the packets of a single HTTP session originate from the same address). It is further assumed that the URL of an HTTP request is not altered on the way by normal hops (except for case changes of the letters). This assumption might not be true for all users. If any issues of this sort arise in the future, changes may be required.
  • The user's real IP address is currently retrieved from an independent server over a secure (SSL) connection. It is therefore assumed that the IP returned by this server is indeed the IP address from which all of the user's HTTP packets originate. This assumption cannot be fully relied upon. Other methods for discovering the real IP address include using a dedicated server especially for this purpose and using peer-to-peer servers. (Note that using an ICMP-based method, such as traceroute, over NAT usually will not work, as the returned packets are altered by the NAT server.)
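
The two mitigations named in the Denial of Service item above (refusing to start a derivation for an unknown user name, and limiting login attempts per user in a given time period) can be combined in one cheap check that runs before the key derivation. The sketch below is an added example, not Saphe's own code. It assumes PBKDF2-HMAC-SHA256 as a stand-in for Saphe's key derivation, and the names LoginGate, handle_login and the limit values are hypothetical.

```python
import hashlib
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 5       # assumed policy: attempts allowed per user per window
WINDOW_SECONDS = 300   # assumed window length in seconds


class LoginGate:
    """Decides whether a login request may reach the expensive key derivation."""

    def __init__(self, known_users, max_attempts=MAX_ATTEMPTS,
                 window=WINDOW_SECONDS, clock=time.monotonic):
        self.known_users = set(known_users)
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock                  # injectable so tests can control time
        self.attempts = defaultdict(deque)  # user -> timestamps of recent attempts

    def admit(self, user):
        """Return (allowed, reason) using cheap checks only."""
        # Unknown names are rejected before any state is stored for them,
        # so random user names cost neither a derivation nor memory.
        if user not in self.known_users:
            return False, "unknown-user"
        now = self.clock()
        recent = self.attempts[user]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                # forget attempts outside the window
        if len(recent) >= self.max_attempts:
            return False, "rate-limited"
        recent.append(now)
        return True, "ok"


def derive_key(password, salt, iterations=200_000):
    # Stand-in for Saphe's slow derivation (assumption: PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def handle_login(gate, user, password, salt):
    """Run the derivation only for requests the gate admits."""
    allowed, reason = gate.admit(user)
    if not allowed:
        return None, reason
    return derive_key(password, salt), reason
```

A per-user limit lets an attacker lock a known user out for the length of the window, so the limit and window values trade availability for that user against server load.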
