[Cryptography] Why don't we protect passwords properly?
Bill Frantz
frantz at pwpconsult.com
Tue Dec 24 23:25:03 EST 2013
On 12/25/13 at 4:37 PM, pinterkr at gmail.com (Krisztián Pintér) wrote:
>attackers will use whatever they can. and i'm betting a thousand bucks
>on filling the RAM with sensitive data will be an attack vector sooner
>or later.
Possibly correct, but only if it is a cheaper attack than
others. There are so many cheaper attacks that this attack is
only a long range consideration. It's an interesting intellectual
challenge, but not yet of practical importance.
>>The cold boot attack goes away if you leave your device off
>
>it is not satisfactory to list the situations in which an attack is
>not feasible. we want to know when it is.
OK, when is the cold boot attack a practical attack?
>>Swap encryption is the sweet spot of cryptography
>
>swap encryption is nice, but attacks against memory are not limited to
>that...
The original question was attacks against swap images on disk.
Encryption prevents that attack and is available on many systems
by checking an option.
>RAM is shared on HW level between CPUs, very hard to protect on
>a VM, data travels on the bus which emits EM, etc...
In general, protecting one VM from another VM running on the
same hardware is a hard problem. As with many things in life, if
it hurts, don't do it.
Probably the best approach is to provide virtual clocks to
prevent timing attacks. Tough luck for timestamping and random
number generation though. Probably you can allow timestamping
accurate to the second if you don't use the secret too
frequently. Random numbers can be provided through virtual
hardware random number generators, but addressing all the
justified paranoia in this area will require examining the whole
system from hardware to final use.
EM attacks can be interesting practical attacks, but Tempest
packaging prevents them. While we are worrying about this style
of attack, let's consider the nanotech quadcopter the size of a
dust mote which can look over our shoulders and monitor our key
strokes. That device is probably not too many years in the future.
>>These attacks pale into insignificance compared with the known
>>attacks on passwords.
>
>i would agree that these are less important issues than password
>stretching...
Password stretching can only limit certain attacks. It does
nothing to limit attacks involving compromise of a site's
password file and the ensuing damage. The tendency of people to
use the same or similar passwords on multiple sites makes this
attack quite effective.
Working to eliminate passwords entirely seems to me to be a much
better approach. We could use client side TLS certs today, but
there are probably better solutions.
As an aside, and if you decide to respond to this paragraph,
please fork a new subject: Does there need to be a revenue model
which can support a business to get wide adoption for a security
technology? The revenue for CA certs certainly has encouraged a
number of businesses to support the CA model for TLS security.
This support is evidenced by standards body participation and PR flacks.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        | Re: Computer reliability, performance, and security:
408-356-8506       | The guy who *is* wearing a parachute is *not* the
www.pwpconsult.com | first to reach the ground. - Terence Kelly