Sick of Acronyms Archive Pages Categories Tags

Lots of explanation...

18 August 2009

But no useful information. GPush FAQ:

Should I be concerned about providing my password to GPush?

When we created the app, we committed first and foremost to security. We are using multiple levels of encryption including SSL, obfuscation, and cipher-based encryption. SSL ensures that your credentials can be transported securely. Your login credentials are encrypted using an encryption scheme that has never been cryptographically broken, with a different 'secret key' for each user. To test these security measures, penetration tests were ran on the server with no information accessed.

So what's the problem with this explanation? Nearly everything- the use of SSL is the only really useful piece of information, since we know what ciphers GMail supports. On the other points:
  • Obfuscation: This could mean anything, even that they named sensitive files as grandmasGroceryList.txt to throw off hackers.
  • Encryption scheme never been broken: This, again, means nothing. It is some custom scheme that has never been analyzed? I don't want someone's ROT-13 encoder protecting my personal information.
  • Different secret key for each user: How are these keys generated and stored? How is this key repository stored to prevent unauthorized access? Is it done in such a way that this is this better (security) than having a single key for each user? Probably not. More than likely, it is just another level of indirection.
  • Penetration tests: Professional? Script kiddy? State-sponsored? Automated tools? What level of access was given, and what testing procedures were followed?
If we are expected to believe that the due diligence was performed in the creation of this utility (especially the server-side components), this information shouldn't be hard to provide. Identify the ciphers. Detail the encryption process and the defense measures put in place. Provide some context regarding the testing procedures.

Or don't provide that data at all. It may prove less troublesome in the end. Because with good encryption or not, allowing someone to have your credentials (impersonation) is potentially dangerous. You just have to weigh the benefits of the solution against the cost of having to change your GMail credentials and the relatively low possibility that someone gets access to your account.
Fork me on GitHub