[Cryptography] Recommendations in lieu of short AES passphrases

John Denker jsd at av8n.com
Sun Sep 18 16:26:20 EDT 2016


On 09/18/2016 12:38 PM, Kent Borg opined:

> - Password managers are a bad idea.

Opinions differ on that.  I would argue that they are the
worst imaginable idea, except for all the known alternatives.

Some of the smartest, most security-conscious folks I know
use password managers.

> They become an all-eggs-in-one-basket, single-point-of-failure.

Sometimes it is a good idea to put all your eggs someplace
safe, and watch that place very carefully.  It decreases the
number of places you have to watch.

> Why should we trust them to be both competently written and honestly
>  written?

Why should we trust the users to remember a gazillion different
passphrases, when every study ever done indicates they are not
very good at that?

> Even if they are perfect,

Nothing is perfect.

> what about some local malware that compromises the machine accessing
>  them?

Then you're screwed anyway, with or without a password manager.

> Was it Lastpass that was recently broken? Why will that be the last 
> vulnerability?

Lastpass and four others were found vulnerable in 2014:
  http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/

OpenSSL was also found vulnerable in 2014:
  http://heartbleed.com/

I suggest that rather than giving up on SSL entirely, it makes
sense to fix the implementation and keep using it.  Ditto for
password managers.

> My advice: Write down passwords on physical paper, obfuscate them 
> slightly, obfuscate what accounts they are for, keep that paper
> safe!

You've just made yourself -- and all your advisees -- targets for
muggers, pickpockets, evil maids, shoulder surfers, et cetera.

Also the inconvenience of paper creates pressure to keep passphrases
short and/or cute, further reducing security.

> - Don't give your password to anyone or anything other than the 
> account you are going to use it for.

IMHO it is security malpractice to transmit passwords *even* to
the account that is trying to authenticate you.  It would make
more sense to perform a zero-knowledge proof that you know your
master password.

Therefore a suggestion:  Don't give your master password to anyone
or anything other than your password manager (aka ZK proof manager).

For users who rely on present-generation password managers, the
incremental burden of a ZK proof manager would be zero, if the
infrastructure supported it properly.  This in itself is an
argument in favor of password managers, since it gets people
moving in the right general direction.

> Don't type it on the computer in the hotel lobby.

That's a corollary of the more general rule:
  If you don't have physical security, you don't have security.

> Yes, it requires some discipline to record all those passwords,

Study after study has shown that most users don't exhibit that 
kind of discipline.

> If you have easy-to-remember and easy-to-type passwords
> (farmer-turtle-sardine) 

That's too short.

> you will quickly learn all the ones you frequently use, 

All evidence indicates that unaided users will either:
  a) reuse phassphrases,
  b) write down passphrases in some insecure way, or
  c) forget passphrases

> -kb, the Kent who disagrees with a lot of people on these topics.

Perhaps it would be worthwhile to work toward a consensus.



More information about the cryptography mailing list