[Cryptography] Cost of creating huge theft targets [Was: Cost of remembering a password]

[Phillip Hallam-Baker]

On Tue, Aug 19, 2014 at 9:38 PM, Jerry Leichter <leichter at lrw.com> wrote:
> On Aug 18, 2014, at 3:24 PM, Bear <bear at sonic.net> wrote:
>>> Actually, recent versions of Safari do that.  When they recognize a
>>> password field on a page that they don't have a password stored for,
>>> they generate one and offer to save it for you.  If you share your
>>> keychains through iCloud, the generated passwords become accessible on
>>> all your Apple devices.  Doesn't help with non-Apple devices, though.
>>
>> This.  This is exactly why I will never, ever, use this feature.
>>
>> In order for this password to 'sync' across other devices, it
>> has to be stored, in clear or with cleartext recoverable,
>> nonlocally at the site of a trusted service where it is part of
>> an aggregated theft target having massively greater value than
>> my password alone....
> Interestingly, Apple has addressed this issue in a white paper (http://www.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf).  They claim they don't store anything that they could decrypt.


Which is of course the sensible thing to do unless you like liability.

Last night I went to a class on laser cutters. Their tube is mostly
made in Germany but it is sold to a company in China who fills it with
gas and ships it on. The main function of the company in China being
to 'fill the tube up with liability'.


It is important to cost out every step in the process even though we
know cost shifting is happening. Shifting cost does not mean shifting
liability.