[Cryptography] password fatigue; was: Lastpass

Natanael natanael.l at gmail.com
Wed Jun 17 05:52:48 EDT 2015


Den 17 jun 2015 05:12 skrev "John Denker" <jsd at av8n.com>:
>
> On 06/16/2015 04:19 PM, Randy Bush wrote:
>
> > do not store critical secrets on others' systems.  period.  then, learn
> > how to secure your own system(s); this is seriously hard.
>
> There are several ideas there.  My comments:
>
> 1) You have to secure your own system FIRST.  To say
>    the same thing the other way:  If you enter your
>    password via a platform that has been pwned, then ....
>   -- It doesn't matter how good your master pw is.
>   -- Also it doesn't matter whether or not you use
>    lastpass or anything like that, and it doesn't
>    matter whether you consider lastpass to be better
>    than nothing or worse than nothing.
>   -- Also it doesn't matter whether you use zero-
>    knowledge authentication or anything like that.

Agreed. Hardware tokens for key management are the easiest solution.
Yubikey, smartcards, etc.

> 3c) The only way I can see to solve the password fatigue
>  problem is to get web services to stop asking for a
>  per-site password and instead use some sort of zero-
>  knowledge authentication.  Schemes for doing this have
>  been known for a long time.
>    https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
>
> 3d) If anybody knows of a better solution, please let
>  us know.

FIDO Alliance has these neat protocols, U2F for hardware tokens (uses USB
HID, will support NFC) and UAF for local software.

It uses unique auth keypairs per-server, generated by the device used to
authenticate, then encrypted locally to be sent to be stored on the server,
with the public key known to the server.

On auth, after entering your username, the server generates a challenge for
you linked to the encrypted connection (your SSL/TLS session) such that
replay/relay/MITM attacks can't work, and sends your device the encrypted
keypair (this way your token doesn't need large storage, and your use can't
be linked between sites from the token some). Your device decrypts the
keypair and challenge, verifies that it is linked to the current SSL
connection, signs the challenge, encrypts it to the server, sends it back.

Making it good enough even for use with multiple independent pseudonyms
over Tor. Only technical attacks against your local software have any chance
of success, and as per #1, if they can attack your local software you
failed already.

This scheme has support by Microsoft, Google, Yubico, Qualcomm and more.
Win10 will support it natively.

Combine with a PIN to unlock the token or similar and you've got pretty
good *simple* security.
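The registration and challenge-response flow described in the post, as an added Go model that is not part of this message or of the FIDO specifications. The names (Device, Server, Challenge, Register, Sign, BeginAuth, FinishAuth) and design choices are assumptions: the per-site keypair is P-256, the "encrypted keypair" handed back to the server is the private key AES-GCM-wrapped under a key held only by the token with the site identifier as associated data, and the TLS channel binding is stood in for by an opaque channel ID string. The site identifiers and session labels are constructed sample values. The scenario at the end shows why a response signed over a different session does not verify at the server and why a handle issued for one site cannot be unwrapped at another, which is what keeps the token's use unlinkable across sites.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Device models the token; the AES-GCM wrapping key inside wrap is its only long-term secret.
type Device struct{ wrap cipher.AEAD }

// Server models one relying party with one enrolled user; it stores only public material.
type Server struct {
	appID  string
	pub    *ecdsa.PublicKey
	handle []byte // opaque blob produced by the token at registration
}

// Challenge is what the server hands to the device for one login attempt.
type Challenge struct {
	AppID, ChannelID string // ChannelID stands in for the TLS channel binding (assumption)
	Nonce, Handle    []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func random(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func NewDevice() *Device  { return &Device{must(cipher.NewGCM(must(aes.NewCipher(random(32)))))} }

// digest binds what gets signed to the site, the TLS session and the fresh nonce.
func digest(appID, channelID string, nonce []byte) []byte {
	a, c := sha256.Sum256([]byte(appID)), sha256.Sum256([]byte(channelID))
	h := sha256.Sum256(append(append(a[:], c[:]...), nonce...))
	return h[:]
}

// Register makes a fresh P-256 keypair for appID and returns its public key plus a key handle:
// the private key wrapped under the token's key, with appID as associated data so it only unwraps for that site.
func (d *Device) Register(appID string) (*ecdsa.PublicKey, []byte) {
	priv := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	nonce := random(d.wrap.NonceSize())
	return &priv.PublicKey, d.wrap.Seal(nonce, nonce, must(x509.MarshalECPrivateKey(priv)), []byte(appID))
}

// Sign unwraps the handle (rejecting one issued for another site) and signs the challenge bound to the channel the device sees.
func (d *Device) Sign(ch Challenge) ([]byte, error) {
	ns := d.wrap.NonceSize()
	if len(ch.Handle) < ns {
		return nil, errors.New("malformed key handle")
	}
	der, err := d.wrap.Open(nil, ch.Handle[:ns], ch.Handle[ns:], []byte(ch.AppID))
	if err != nil {
		return nil, errors.New("key handle was not issued for this site")
	}
	priv := must(x509.ParseECPrivateKey(der)) // authenticated above, so this cannot fail
	return ecdsa.SignASN1(rand.Reader, priv, digest(ch.AppID, ch.ChannelID, ch.Nonce))
}

// BeginAuth issues a fresh nonce and returns the stored handle to the device.
func (s *Server) BeginAuth(channelID string) Challenge {
	return Challenge{s.appID, channelID, random(32), s.handle}
}

// FinishAuth verifies against the server's own view of the session, so a response
// produced over a different TLS session (different channel ID) fails.
func (s *Server) FinishAuth(ch Challenge, sessionChannelID string, sig []byte) bool {
	return ecdsa.VerifyASN1(s.pub, digest(s.appID, sessionChannelID, ch.Nonce), sig)
}

// Scenario enrols one token at two sites and runs three logins: a genuine one, one
// answered over a different TLS session, and one where site B presents site A's handle.
func Scenario() (genuine, wrongChannel, crossSite bool) {
	dev := NewDevice()
	siteA, siteB := &Server{appID: "https://a.example"}, &Server{appID: "https://b.example"}
	siteA.pub, siteA.handle = dev.Register(siteA.appID)
	siteB.pub, siteB.handle = dev.Register(siteB.appID)
	ch := siteA.BeginAuth("tls-session-1")
	sig, _ := dev.Sign(ch)
	genuine = siteA.FinishAuth(ch, "tls-session-1", sig)
	// The device signs over the channel it actually sees; the server checks its own.
	sig, _ = dev.Sign(Challenge{ch.AppID, "tls-session-2", ch.Nonce, ch.Handle})
	wrongChannel = siteA.FinishAuth(ch, "tls-session-1", sig)
	// Site A's handle presented under site B's appID does not unwrap.
	chB := siteB.BeginAuth("tls-session-3")
	chB.Handle = siteA.handle
	_, err := dev.Sign(chB)
	crossSite = err == nil
	return
}

func main() { fmt.Println(Scenario()) } // prints: true false false
```

Running it with `go run` prints `true false false`: the genuine login verifies, the response signed over a different session is rejected by the server, and the foreign handle never unwraps. The server learns nothing but a public key and an opaque blob per user, which is what lets the token stay small and the same token look unrelated at two sites.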