[Cryptography] Why don't we protect passwords properly?

[Krisztián Pintér]

Bill Frantz (at Wednesday, December 25, 2013, 5:25:03 AM):

> It's an interesting intelectual
> challenge, but not yet of practical importance.

we always learn very late when an attack goes from theoretical to
practical. if you are lucky, you read in in an academic paper. if not,
mainstream newspapers. considering that the industry needs years if
not decades to move from one method to the next, i assert that we are
already late.

> OK, when is the cold boot attack a practical attack?

yep, this is the game we (you and i) are playing right now, but this
is a game i refuse to play. if your attack model consists only of
things that i can come up with and you can not dismiss in some way, i
can assure you your system will be as far from being safe as it gets.
we don't choose side channel resistant methods because we can outline
a realistic attack using those. but because we don't want to leave the
possibility open, so we have one less problem.

also, consider a system protected by all the things you came up with.
futuristic casing, must be powered off physically before leaving it,
maybe a kill switch on the outside, all sort of hw locks and whatnot.
what is the user experience? i would probably say, f security, i don't
care anymore.

> it hurts, don't do it.

or make it not hurt. i think this latter is the more modern approach,
at least in medicine. the don't do it approach is more medieval.