cookies and internet
Lon Willett
Lon.Willett@REDACTED
Thu Jul 12 17:11:50 CEST 2001
At 11:23 12/07/01, taesch wrote:
>if the erlang model would be used over the internet, how would the security
>model do with that ?
Not very well. The current Erlang/OTP implementation pretty much assumes
that the transport layer is secure.
>is the cookie good enough ?
Probably not. It's not really meant to provide anything more than a very
simple authentication method that assumes the underlying transport
mechanism is secure. And, BTW, the default cookie generation is very
broken. This probably doesn't matter, since the mechanism isn't meant to
be cryptographically strong anyway. But if you decide to implement a
mechanism that is, for example one that uses the cookie as a key to encrypt
and MAC the erlang messages, then you will need to be sure that the cookie
is generated using a good crypto (P)RNG.
>how do u pass it first hand ?
Carefully. ;-)
But really, if I understand what you're asking, then the answer is that, by
design, this is outside the scope of what Erlang/OTP specifies. And with
the current Erlang/OTP communications model (where the cookie is sent in
the clear anyway), one needn't be too careful with it, but shouldn't be
careless either (e.g. ftp is probably fine for transporting it, but be sure
that the file protection is set appropriately on the systems where it is
stored).
>generally, have any study made in this area ? mail postst ? paper ?
You can check out the Safe Erlang project at
http://www.ericsson.se/cslab/~dan/proj/safeerlang . This is an ambitious
attempt to add capabilities based access-control and secure communications
to erlang, but I believe that it is still experimental at this time. I
also seem to recall hearing rumours that someone made the erlang
communications run over SSL, but this might be mistaken.
I've been intending to implement a simple version of cryptographically
secured communications for Erlang/OTP, but haven't found the time. If
someone else is working on this (or wants to), then I'd be happy to share
my ideas. There are some subtle problems involved in setting up such a scheme.
I hope this helps.
/Lon
More information about the erlang-questions
mailing list