[Cryptography] Recommendations in lieu of short AES passphrases
Kent Borg
kentborg at borg.org
Sun Sep 18 15:38:38 EDT 2016

On 09/17/2016 06:37 AM, Michael Kjörling wrote:
> (see [1] for some actual suggestions; feedback on that page welcome!)

I have some disagreements:

- Password managers are a bad idea. They become an
all-eggs-in-one-basket, single-point-of-failure. Why should we trust
them to be both competently written and honestly written? Even if they
are perfect, what about some local malware that compromises the machine
accessing them? Was it LastPass that was recently broken? Why will that
be the last vulnerability? My advice: Write down passwords on physical
paper, obfuscate them slightly, obfuscate what accounts they are for,
keep that paper safe! Frequently copy new entries to a second backup
piece of paper which you store apart from the first. (Don't trust
photocopies to back up your password list, unless you have an obsolete
analog copier.)
- Two-factor authentication is trendy but not always good. You don't
distinguish between two-factor as a password recovery mechanism and
two-factor as a supplementary measure. I have a bank that insists on
sending me an SMS every time I log in, because I always delete their
cookie. Fine with me--as a supplemental measure, but cellphone numbers
are easy to hijack. As a recovery mechanism SMS becomes a gaping hole:
bad guy ports your number and recovers your password. Similarly, you
don't distinguish between different kinds of two-factor gizmos and how
hard they might be to hijack (cellphone vs. physical fob token with
changing numbers). However, RSA had a complete breach of their tokens a
few years ago--I don't really trust any of them.
- You don't clearly distinguish between passwords vs. encryption keys.
Passwords don't need to be very strong, they are supplied to some
login-mechanism that should throttle how fast attempts can be made.
32 bits of entropy (e.g., quebec-natural-group or
cabaret-mystery-export) can be easy to remember and easy to type, yet
plenty strong for any decently set up system. And if the system is not
decently set up? Then there are probably a lot easier ways in than
brute-forcing your password. And if the hashed version is acquired? So
what! If you don't recycle passwords, it only means the crackers might
log in as you, to a machine that it seems they already have access to.
So what. Change that password, or quit using that insecure service.
Encryption keys, however, are a completely different beast! They should
be dang long. A very important distinction! A key like
62b-72c98-60a3-4ce0-b1a4-2abd0-ca14bc5 is pretty impossible to remember
but not impossible to carefully type, and pretty much a necessary length
for a secure encryption key.

Some possibly missing points:

- Some accounts are more important than others. Accounts that involve
money are obvious, but also e-mail accounts that would be part of a
password recovery mechanism for other accounts (such as the ones that
involve money). Also be careful with accounts used as login mechanisms
for unrelated services ("Log in with Google or Facebook!"--I recommend
not doing that when possible). These more important accounts don't need
better passwords, but they do need better care on your part to protect them.
- For important financial accounts that allow you to pick your own
username, pick a password-quality username (world-project-flash) in
addition to a password-quality password (shrink-digital-disco). Now
there should be no risk of being locked out because of too many failed
logins from some cracker, and it makes a rogue password recovery harder.
- Don't give your password to anyone or anything other than the account
you are going to use it for. Don't type it on the computer in the hotel
lobby. If it is important don't type it on your friend's computer. Don't
type it into the wrong account, don't type it into a link you clicked on
in an e-mail. iOS and Android devices that are connected to the internet
and used for all that cool stuff they can do...are not a good place to
type important passwords, they are too big a target for malware. Don't
use wireless keyboards and mice. Segregate your reckless and buggy
computer activities from important passwords: Consider keeping a
computer that you maintain very conservatively and only type important
passwords on it; don't install any software on that computer that you
don't have to--don't stick into it random Windows device driver disks
for random silly gizmos that you don't need. Don't have your kids
installing unnecessary software on your conservative computer. If you go
really crazy about maintaining a separate, secure computer...then maybe
use a password manager--an offline password manager, no cloud stuff. A
simple password manager that doesn't automatically type passwords for
you--you don't want automatic things happening with your passwords,
automatic things go wrong, automatic things are dangerous.
- Changing passwords. There is religious doctrine out there that
passwords should be frequently changed. I think it is worth saying that,
unless you give the password to someone, unless you have reason to think
it was stolen, unless some stupid admin requires you change it, there is
no need.
- Passwords are important. Pretty much your whole life sits behind
passwords, it is worth taking care regarding passwords.
- Trying to hide something off-the-grid isn't as easy as you might
think: Just because *you* don't set up an online account for your
retirement funds doesn't mean there isn't one still sitting there, ready
for an attacker to set up. First time setups (mother's maiden name...) are
not as secure as a decent password. Set up all your accounts.

About the burden of not recycling passwords:

As far as I can tell, everyone thinks it is a bad idea to recycle
passwords, but almost everyone does it anyway. A shame. Yes, it requires
some discipline to record all those passwords, but it isn't so
cumbersome once you are up and running. If you have easy-to-remember and
easy-to-type passwords (farmer-turtle-sardine) you will quickly learn
all the ones you frequently use, and then you just type them in when
needed. The only time you have to refer to your records is for obscure
accounts you don't use often, which means not that often. I refer to my
password records just a few times a week, because mostly I know the
passwords I use.
-kb, the Kent who disagrees with a lot of people on these topics.
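
The post's distinction between a throttled login password and an encryption key, worked through as an added example that is not part of the original message. The 15-word demo list is constructed from the sample passphrases quoted above, and both guess rates are assumptions chosen for illustration.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed demo list: only the 15 words used in the post's sample passphrases.
# A real list is far larger; 1626 words is the smallest size at which three
# words reach 32 bits (1626**3 > 2**32).
DEMO_WORDS = ("quebec natural group cabaret mystery export world project flash "
              "shrink digital disco farmer turtle sardine").split()

def words_needed(list_size: int, target_bits: float) -> int:
    """Words to draw uniformly from a list of list_size to reach target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(wordlist, target_bits: float, sep: str = "-") -> str:
    """Draw words with the OS CSPRNG until the passphrase carries target_bits."""
    words = sorted(set(wordlist))  # duplicates would skew the uniform draw
    count = words_needed(len(words), target_bits)
    return sep.join(secrets.choice(words) for _ in range(count))

def hex_key_bits(key: str) -> int:
    """Size in bits of a hex-encoded key, ignoring separators such as '-'."""
    return 4 * sum(c in string.hexdigits for c in key)

def expected_years(bits: float, guesses_per_second: float) -> float:
    """Average search time: half the keyspace at the given guess rate."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR

# Assumed rates, for illustration only.
THROTTLED_LOGIN = 10 / 3600   # 10 guesses per hour allowed by the login service
OFFLINE_SEARCH = 1e10         # guesses per second with no throttle in the way

if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS, 32))
    key_bits = hex_key_bits("62b-72c98-60a3-4ce0-b1a4-2abd0-ca14bc5")
    for label, bits in (("32-bit passphrase", 32), (f"{key_bits}-bit key", key_bits)):
        for name, rate in (("throttled", THROTTLED_LOGIN), ("offline", OFFLINE_SEARCH)):
            print(f"{label:18} {name:9} {expected_years(bits, rate):.3g} years")
```
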