[Cryptography] Cost of creating huge theft targets [Was: Cost of remembering a password]

[Bear]

On Sat, 2014-08-16 at 12:35 -0400, Jerry Leichter wrote:
> On Aug 16, 2014, at 7:38 AM, Michael Kjörling <michael at kjorling.se> wrote:

> Actually, recent versions of Safari do that.  When they recognize a
> password field on a page that they don't have a password stored for,
> they generate one and offer to save it for you.  If you share your
> keychains through iCloud, the generated passwords become accessible on
> all your Apple devices.  Doesn't help with non-Apple devices, though.

This.  This is exactly why I will never, ever, use this feature.

In order for this password to 'sync' across other devices, it 
has to be stored, in clear or with cleartext recoverable, 
nonlocally at the site of a trusted service where it is part of
an aggregated theft target having massively greater value than 
my password alone.

If it were okay to use a trusted system controlled by someone 
else, there would be no need for a password in the first place.
My bank account password is mine, damnit, must be stolen from 
me individually, and is not worth any more effort to steal than 
my own bank account is worth.  

Systems like this aggregate hundreds of thousands of bank 
account passwords creating billion-dollar theft targets that can 
be stolen in bulk.  Even if the security is a thousand times 
better than I can do myself, the reward per criminal effort 
ratio still favors attacks on the aggregate once the aggregate 
contains more than a thousand bank passwords.  

These systems are a net loss in security because they drastically
lower the criminal effort required per dollar stolen.

This is a special case of a 'monoculture' problem; any system 
where millions of people are vulnerable to the same exploit 
lowers the amount of criminal effort required to exploit them 
all systematically.

Bear