[Cryptography] Cost of remembering a password

Bear bear at sonic.net
Mon Aug 18 14:37:07 EDT 2014


On Sun, 2014-08-17 at 13:26 -0400, Phillip Hallam-Baker wrote:
> On Sun, Aug 17, 2014 at 4:09 AM, Guido Witmond <guido at witmond.nl> wrote:
> > On 08/16/14 18:18, Bear wrote:

> >> Whatever your password manager runs on, is a trusted system -
> >> ie, one whose compromise could absolutely destroy your security.

> >
> > The current design - where people type in passwords - is also considered
> > a trusted system. It's trusted not to leak the passwords when these are
> > typed in. The number of keyloggers shows that this trust is not warranted.

> It's not just considered trusted, it is trusted. So was MSDOS back in the day.

> It wasn't trustworthy though.

> Trusted Computing Group did not like it when I raised that nit at
> their meeting...

I have to inquire here whether TCG did in fact understand "Trusted" 
to have its literal meaning -- ie, a system whose compromise can 
destroy security?  

Because, honestly, we have acres and acres of trusted systems running 
on untrustworthy hardware and untrustworthy OSes.  

While we really need serious work on Trusted Computing -- ie, we 
need to figure out how to have far fewer trusted systems and put them 
on genuinely trustworthy (utterly simple inspectable tamper-evident)
hardware, that isn't what the Trusted Computing Group was doing.  
I have never gotten the impression that all these people really 
wanted to be manufacturing devices whose compromise could destroy 
users' security. 

I mean, I know what they worked on - the whole TCM and infrastructure
for creating software for the TCM that cannot be inspected or altered
without a key.  And yes, that would in fact be a hardware system whose
compromise could destroy security, ie, a trusted system.  But it seems
to me that it had nothing to do with the problem of too many trusted 
systems proliferating, did nothing to reduce the problem, and did not
even demonstrate an understanding of what the problem with trusted
systems is and why they are bad.

So I have to ask, what understanding of "trusted" did they have? 


			Bear




