[erlang-questions] Erlang cookies are secure

Tony Rogvall tony@REDACTED
Fri Jun 10 23:52:52 CEST 2016 


"typed while walking!"

> On 10 juni 2016, at 22:10, Per Hedeland <per@REDACTED> wrote:
> 
> Tony Rogvall <tony@REDACTED> wrote:
>> 
>> I am not sure what you mean by sniff cookies?
>> 
>> The distribution has been sending blank cookies since first open source release.
>> The distribution do not send the cookie in clear text but rely on a MD5 challenge procedure
>> at connection setup.
> 
> Hi Tony!
> 
> Indeed - and I will take credit for pestering you to fix that just
> before the first open source release:-) (I will not divulge what it did
> before that...).
> 
Yes, master.  :-)

>> So Erlang is more likely to be vulnerable to connection hijacking since not every message
>> is signed.
> 
> Yes - the *default* distribution fulfills none of the CIA requirements
> (no, not that evil US thing, but Confidentiality, Integrity, and
> Availability). But this has nothing to do with the authentication
> mechanism as such, and can be fixed by using TLS - which also brings one
> or more other authentication mechanisms, but they are not in any
> fundamental sense more "secure" than the cookie authentication.
> 
>> So keep the nodes safe and away from random users. At least until we get Safe Erlang ( any decade now )
> 
> Sure - but this point is actually also confusing in a cookie discussion,
> as shown by other messages in this thread - it is about the
> *authorization* you automatically get at the point when you have managed
> to break the authentication mechanism - i.e. basically you can do
> "anything". But this is independent of the strength of the
> authentication mechanism itself.
> 

My point was just that if the city wall has collapsed you could still have a couple of more walls to protect your but.

> I do find it rather tiresome with this constant ridicule of the cookie
> authentication from people who haven't even bothered to do a basic
> investigation of how it works, let alone done any actual security
> analysis.
> 
> And just to put another myth to death, no, you are not required to use
> the same cookie on all your distributed erlang nodes - every node is
> capable of maintaining a specific cookie for every other node, RTFM
> erlang:set_cookie/2.
> 
> It is absolutely true that *maintaining* security in a network with
> cookie-based authentication can be troublesome, and that e.g. TLS with
> certificate authentication can do much better in that respect, as long
> as you have mechanisms for certificate revocation properly set up (which
> in turn is not entirely trivial to do).
> 
> But again, as long as you do not throw your cookies around, AFAIK no-one
> has demonstrated any fundamental weakness with the mechanism as such.
> 
> --Per

More information about the erlang-questions mailing list