[Cryptography] password fatigue; was: Lastpass

John Denker jsd at av8n.com
Tue Jun 16 22:37:10 EDT 2015


On 06/16/2015 04:19 PM, Randy Bush wrote:

> do not store critical secrets on others' systems.  period.  then, learn
> how to secure your own system(s); this is seriously hard.

There are several ideas there.  My comments:

1) You have to secure your own system FIRST.  To say
   the same thing the other way:  If you enter your 
   password via a platform that has been pwned, then ....
  -- It doesn't matter how good your master pw is.
  -- Also it doesn't matter whether or not you use 
   lastpass or anything like that, and it doesn't
   matter whether you consider lastpass to be better
   than nothing or worse than nothing.
  -- Also it doesn't matter whether you use zero-
   knowledge authentication or anything like that.

2) Password fatigue is a problem.  We need to focus
 on this.  Lastpass gets "some" brownie points for
 attempting to solve the problem, even if you think 
 their attempt is less than 100% elegant and/or
 less than 100% successful.

3a) Snickering at lastpass does not solve the problem,
 not even a little bit.

3b) Telling users to solve the problem on their own
 does not solve the problem.

3c) The only way I can see to solve the password fatigue
 problem is to get web services to stop asking for a
 per-site password and instead use some sort of zero-
 knowledge authentication.  Schemes for doing this have
 been known for a long time.
   https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

3d) If anybody knows of a better solution, please let 
 us know.

4) Yes, securing your system is seriously hard.  Of
 course that includes securing the subsystem that
 handles your zero-knowledge authentication.

5) This supports my contention that the NSA is not very
 good at their job.  Note that Information Assurance is 
 part of their mission, if you believe their own website:
   https://www.nsa.gov/ia/
 If they had any sense, they would roll out some sort 
 of zero-knowledge authentication scheme and require 
 government sites to use it, e.g. when accessing the 
 security-clearance background info database, just to 
 pick a random example.

6) Similar words apply to google.  If they had any sense,
 they would embed some sort of zero-knowledge thing into
 android and chrome, and use it when connecting to
 *.google.com.

On 06/16/2015 08:41 AM, Sean Lynch wrote:

>>  Use something that doesn't have a giant target painted on it,

a) One thing that Snowden made clear is that essentially
 everybody on earth is a target.  One big hardened target
 is not necessarily more problematic than millions of small,
 soft, juicy targets.

b) If the intent was to say "Don't put all your eggs in
 one basket" I'm not sure that's uniformly good advice.  
 Mommy birds generally do put all their eggs in one nest.
 Then they go to some trouble to defend that nest.  The
 one-basket strategy is not always right, but it's not
 always wrong, and should not be dismissed out of hand.
 Thoughtful analysis is required.

> How about KeePass on SyncThing or Tahoe LAFS?

Those are specific constructive suggestions.  Always
appreciated.

KeePass is clearly better than nothing.  It reduces the
attack surface, and /somewhat/ lessens the cost of a
breach.  As I see it, from the user-interface point of
view, getting the users to employ a password manager 
is no easier than getting them to use a zero-knowledge
authentication agent ... so why not go all the way?

  FWIW personally I use a password manager ... but
  I consider it little more than a finger in the
  dike.  It's not the Right Thing™.

This gets back to the previous discussion of "BCP".
We need to get out the message that transmitting
passwords in any form is not best current practice;
it's not even Baseline Competent and Prudent.

Unless I'm missing something, syncthing and LAFS do
not claim to solve the general password-fatigue problem.
