cookies and internet

Lon Willett <>
Thu Jul 12 17:11:50 CEST 2001


At 11:23 12/07/01, taesch wrote:
>if the erlang model would be used over the internet, how would the security
>model do with that ?

Not very well.  The current Erlang/OTP implementation pretty much assumes 
that the transport layer is secure.

>is the cookie good enough ?

Probably not.  It's not really meant to provide anything more than a very 
simple authentication method that assumes the underlying transport 
mechanism is secure.  And, BTW, the default cookie generation is very 
broken.  This probably doesn't matter, since the mechanism isn't meant to 
be cryptographically strong anyway.  But if you decide to implement a 
mechanism that is, for example one that uses the cookie as a key to encrypt 
and MAC the erlang messages, then you will need to be sure that the cookie 
is generated using a good crypto (P)RNG.

>how do u pass it first hand ?

Carefully.  ;-)

But really, if I understand what you're asking, then the answer is that, by 
design, this is outside the scope of what Erlang/OTP specifies.  And with 
the current Erlang/OTP communications model (where the cookie is sent in 
the clear anyway), one needn't be too careful with it, but shouldn't be 
careless either (e.g. ftp is probably fine for transporting it, but be sure 
that the file protection is set appropriately on the systems where it is 
stored).

>generally, have any study made in this area ? mail postst ? paper ?

You can check out the Safe Erlang project at 
http://www.ericsson.se/cslab/~dan/proj/safeerlang .  This is an ambitious 
attempt to add capabilities based access-control and secure communications 
to erlang, but I believe that it is still experimental at this time.  I 
also seem to recall hearing rumours that someone made the erlang 
communications run over SSL, but this might be mistaken.

I've been intending to implement a simple version of cryptographically 
secured communications for Erlang/OTP, but haven't found the time.  If 
someone else is working on this (or wants to), then I'd be happy to share 
my ideas.  There are some subtle problems involved in setting up such a scheme.

I hope this helps.

/Lon




More information about the erlang-questions mailing list