[Cryptography] password fatigue; was: Lastpass

Thierry Moreau thierry.moreau at connotech.com
Wed Jun 17 09:32:22 EDT 2015


Hi!

Thanks for this well-written review of a central issue.

On 06/17/15 02:37, John Denker wrote:
>
> 3c) The only way I can see to solve the password fatigue
>   problem is to get web services to stop asking for a
>   per-site password and instead use some sort of zero-
>   knowledge authentication.  Schemes for doing this have
>   been known for a long time.
>     https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

I must admit I never studied the SRP protocol details. I looked at it 
from time to time, however.

However, it may be significant that I never learned any *enrollment* 
protocol companion for SRP. Let me ask the question in the perspective 
of the present claim that larger SRP deployment is a good strategy for 
using a single password for multiple sites.

Say Alice enrolled a dozen sites with a single password using SRP for 
routine authentication. When enrolling with the next site, she worries:
a) is the local implementation supporting the enrollment procedure 
trustworthy with respect to not disclosing my password to the next site?
b) if I'm unsure about question a), I will have to revoke my enrollments 
with the already enrolled 12 sites ... hum ... the SRP designers must 
have foreseen this, haven't they?
c) why has nobody taught me something about SRP enrollment security?

(Obviously an enrollment protocol that discloses the password to the 
site with the assumption that the site will delete it at the end of the 
protocol is not an acceptable solution.)

> 4) Yes, securing your system is seriously hard.  Of
>   course that includes securing the subsystem that
>   handles your zero-knowledge authentication.

I see only one direction, which is actually not present in the 
marketplace. You need a separate system with limited functionality, 
features-lean instead of features-rich, on which the end-user performs 
the security-critical applications.

Regards,

- Thierry Moreau
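Added example, not from the thread: the SRP-6a enrollment step that the message asks about, followed by one login, written in the RFC 5054 style that the linked Wikipedia article describes. It shows that at enrollment the client sends only a random salt and the verifier v = g^x mod N, never the password, so each site holds a different, site-specific verifier; the group is the 1024-bit RFC 5054 group, SHA-256 as the hash and the username/password strings are assumptions of this demo, and it says nothing about whether the local client code itself is trustworthy, which is the separate concern raised above.

```python
import hashlib
import secrets

# Group: 1024-bit safe prime from RFC 5054, Appendix A, with generator 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NBYTES = (N.bit_length() + 7) // 8  # 128 bytes


def pad(n: int) -> bytes:
    """Fixed-width big-endian encoding, as RFC 5054 requires before hashing."""
    return n.to_bytes(NBYTES, "big")


def H(*parts: bytes) -> int:
    """Hash (SHA-256 is an assumption of this demo) interpreted as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier parameter


def private_x(salt: bytes, user: str, password: str) -> int:
    # x = H(salt | H(user ":" password)); only the client ever computes this.
    return H(salt, hashlib.sha256(f"{user}:{password}".encode()).digest())


def enroll(user: str, password: str) -> tuple[bytes, int]:
    """Client-side enrollment. The site receives and stores only (salt, v)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)


def login(user: str, typed: str, salt: bytes, v: int) -> bool:
    """One SRP-6a exchange; True iff both sides derive the same session key."""
    a, b = secrets.randbelow(N), secrets.randbelow(N)
    A = pow(g, a, N)                            # client -> server
    B = (k * v + pow(g, b, N)) % N              # server -> client (server knows only v)
    if A % N == 0 or B % N == 0:                # reject degenerate public values
        return False
    u = H(pad(A), pad(B))                       # both sides
    x = private_x(salt, user, typed)            # client side only, from the typed password
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)  # server never needs x or the password
    # A real run exchanges proofs M1/M2 of this key; comparing directly suffices here.
    return hashlib.sha256(pad(S_client)).digest() == hashlib.sha256(pad(S_server)).digest()
```

With a wrong password the client derives a different x, so the two session keys disagree and the login fails without the site ever having held the password.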

