[Cryptography] What do we mean by ... ???
John Denker
jsd at av8n.com
Tue Feb 17 14:58:41 EST 2015
On 02/07/2015 05:05 PM, Bill Frantz wrote:
>
> The more I hear people talk about making thing secure, the more I
> hope they will explain what they mean by secure.
I've been enjoying this voluminous thread ... and also
the one about "best practices".
Here's my two millicents worth:
Ideas are primary and fundamental. Terminology is tertiary.
Terminology is important only insofar as it helps us formulate
and communicate the ideas.
1) It is nice to see that despite the title, the "best
practices considered bad term" discussion was almost
entirely about ideas, not terminology.
Small constructive suggestion: Insofar as BCP (best current
practices) is a term open to abuse, we can use a different
term, perhaps BPP (baseline prudent practices) ... with the
understanding that any particular instance ought to exceed
the baseline by a wide margin.
2) As for the terminology of "security", in my book that's
asking the wrong question. Some people use the term
"reliability" to cover a combination of security and
availability. For example:
-- The proverbial air-gapped abacus in a vault inside
a Faraday cage surrounded by armed guards is very high
on security, but low on availability and usability.
-- The converse is more complicated. Availability
(especially in the long term) requires security against
intrusion; otherwise hackers will take down your
system whereupon you have neither availability nor
security, much less reliability. Still, though,
availability is not the only requirement, especially
if you have secrets that you need to keep. You
don't want your secrets to be available to everybody.
So reliability really is the better idea, comprising
both security and availability.
3) There was a tangential mention of baseline prudent
practices concerning the choice of passwords. As I
see it, that's another example of asking the wrong
questions. IMHO almost all of what we now do with
passwords should be protected by some sort of zero-knowledge
crypto. This would decrease the attack
surface by orders of magnitude. When I do business
with Achmed's Recycled Body Parts, he should have no
clue what password I am using, only that it is the
same password that I used last time. Obviously if
Achmed gets hacked, the hackers can impersonate Achmed
to me ... but they cannot get my password from his
files, not even if I log into the hacked site. In
particular, the hackers cannot impersonate me to other
sites, not even to Achmed's sister (Kitty's Kosher
Pork and Porno Emporium).
To say the same thing the other way, if I am running
a web site, I do *not* want to know anybody's password!
I don't want their password on my site, even momentarily.
That's because knowing it would make me a target for
bad guys who want to steal the password. Why be
responsible for protecting something if I don't
need to?
From the user's point of view, it looks the same,
only better, so there is no barrier to adoption
that I can see. It's better in the sense that
the user needs to remember only one password,
with improved security.
This reduces the number of things the user has
to trust, but of course does not reduce it to
zero. The local agent that carries out the
algorithm can still be subverted, perhaps by
a keylogger, but that is a much smaller target
than before.
By way of contrast, using a unique password
per site is more secure than using one password
for all, but it is less convenient, and also
carries some unnecessary risks, e.g. replay
et cetera.
There exist implementations of zero-knowledge
password systems, e.g.
https://bitbucket.org/simon_massey/thinbus-srp-js
and probably others. Does anybody here have any
experience using such things? Any useful pointers?
Why are such things not more widely used? Why are
they not already fully integrated into servers and
browsers????
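The verifier-based login described in point 3 and asked about at the end, as an added Python sketch of an SRP-6a-style exchange (not code from the post or from thinbus-srp-js): the client registers a verifier derived from the password, and on each login the server, holding only that verifier, can check that the client used the same password as before without ever seeing it. The small runtime-generated group, the simplified hashing and the helper names are this example's own assumptions; a real deployment uses the RFC 5054 parameters.

```python
# Added example (not from the post or thinbus-srp-js): an SRP-6a-style login. The small
# runtime-generated group and simplified hashing are assumptions; use RFC 5054 groups for real.
import hashlib, secrets

def H(*parts):                          # SHA-256 over ints/bytes, returned as an int
    h = hashlib.sha256()
    for p in parts:
        h.update(p if isinstance(p, bytes) else p.to_bytes((p.bit_length() + 7) // 8 or 1, "big"))
    return int.from_bytes(h.digest(), "big")

def is_prime(n, rounds=24):             # Miller-Rabin, enough for this demo
    if n < 4 or n % 2 == 0: return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1: break
        else: return False
    return True

def safe_prime(bits=128):               # N = 2q + 1 with q prime, so g = 2 has large order
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1): return 2 * q + 1

def register(N, g, user, pw):           # runs on the client; server stores only (salt, v)
    salt = secrets.token_bytes(16)
    x = H(salt, H(user.encode(), b":", pw.encode()))
    return salt, pow(g, x, N)           # v = g^x: the password never leaves the client

def srp_login(N, g, user, pw, salt, v): # one login; returns (client_key, server_key, accepted)
    k, a, b = H(N, g), secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                    # client -> server: user, A
    B = (k * v + pow(g, b, N)) % N      # server -> client: salt, B (needs only the verifier)
    if A % N == 0 or B % N == 0: raise ValueError("degenerate public value, abort")
    u = H(A, B)
    x = H(salt, H(user.encode(), b":", pw.encode()))
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)   # client: needs the password
    S_s = pow(A * pow(v, u, N) % N, b, N)                 # server: needs only v
    K_c, K_s = H(S_c), H(S_s)           # equal iff v == g^x, i.e. the same password as before
    M1 = H(A, B, K_c)                   # client's proof of K; server checks with its own K_s
    return K_c, K_s, M1 == H(A, B, K_s)

if __name__ == "__main__":              # right password -> True, wrong -> False
    N = safe_prime(); salt, v = register(N, 2, "alice", "hunter2")
    print(srp_login(N, 2, "alice", "hunter2", salt, v)[2], srp_login(N, 2, "alice", "wrong", salt, v)[2])
```

A stolen verifier cannot be replayed as the password at another site, but it does permit offline guessing of weak passwords, so the server still has to protect the (salt, v) table.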