[Cryptography] Why don't we protect passwords properly?

Patrick Mylund Nielsen cryptography at patrickmylund.com
Sun Dec 22 02:40:25 EST 2013


On Sun, Dec 22, 2013 at 1:28 AM, ianG <iang at iang.org> wrote:

> On 22/12/13 02:07 AM, Patrick Mylund Nielsen wrote:
>
>> There are people who really should know better: IETF WG members,
>>
>
>
Why do you think they should know any better?  Just curious...
>
> This is like the old von Mises fallacy of government regulation.  He asked
> why it is that people think that the government knows more about the market
> than those in the market?  When you analyse what happens in the real world,
> all the signs point to the opposite:  if people knew more about the market
> than the players, then they would be in the market making money.  The
> reason they join the government is more likely that they know too little to
> be in the market.
>
> What's that old saw about teachers?


Point well taken.

3.  The amount of stuff to learn to defeat the aggressive knowledgeable
> attacker is seriously scary.  One guy could possibly do it after 10 years
> or so, but it really requires a team of diverse strengths.  E.g., This week
> there was news of acoustic analysis, which perversely seems to be reverse
> correlated with other side-channel analysis techniques.  Oh dear.  A month
> ago there was a scare story about jumping airgaps.


Indeed, in light of recent events, it's easy to think that almost anything
a single person or a small team does is futile against a well-equipped
adversary. (I dare say one guy, given any amount of training, would still
be bested by the tendency of any human to make mistakes.) That puts an even
greater emphasis on the need for large groups composed of people with such
diverse strengths to work for the public good.

The best a single person can do is to use whatever is presented to them. If
they're never presented with anything, or don't understand the "why" (and
they actually tried to,) you can't really blame them for messing up
something important.


> 4.  Critics think every thing should be fixed, and give the developers no
> credit.  So criticism is loud, but it more follows the crowd than is
> actually useful.


I certainly don't mean to loudly criticize developers who choose a poor
construction. or make their own, even if it might put many users at risk.
If we know what works, but people continue to do something completely
different after more than a decade of md5crypt and bcrypt, the failure is
on us being... well, poor teachers. (Sorry, I couldn't resist.)

I tend to be the loudest in my criticism when people actively argue
*against* anything but a few iterations of SHA-256 with arguments that
outright dismiss user security without even providing a usability benefit.
When you're having trouble reaching a bigger crowd, misinformation
certainly doesn't help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131222/45378fec/attachment.html>


More information about the cryptography mailing list