[Cryptography] Follow up on my password replacement idea

[Ray Dillinger]

On 09/23/2015 06:29 AM, Bill Cox wrote:
> On Tue, Sep 22, 2015 at 6:08 PM, Phillip Hallam-Baker <phill at hallambaker.com
> 
> Why is multiple keys on multiple devices more secure than a single key on
> those same devices?  An attacker needs only steal one of them to PWN user
> accounts.  The attack surface is about the same.

The attack surface is reduced by the user's hamfisted and careless
handling of keys and sensitive data as they fumble them from one
device into another - possibly with the "help" of software they've
downloaded from the attacker on an unsecured connection.

Yes, people do fall for that.  I recently had to clear malware out
of a machine where someone had downloaded "helpful" software to
copy all their financial data into a new format -- a new format
on a server somewhere in Belgium as best I can tell.  Along with
their key manager and all its data files, because of course they
let it run with the admin privileges it requested.

Just plain NOT asking users to share keys across devices is a really
good plan - you can't get them to develop secure habits for something
if it isn't something they do by habit every few hours of every day.
Not doing  it at all is better.  If you really want to have the same
accounts on many different devices (which I do not!) then let keys
for different devices get handled on the server side, because the
professionals on the server side *are* going to be doing it every
few hours of every day so they're going to develop a procedure
that's at least consistent, and they'll review it for security at
least as often as they get pwned.

Bear
			


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150923/4f0b5c27/attachment.sig>