[Cryptography] Follow up on my password replacement idea

Ilya Kasnacheev ilya.kasnacheev at gmail.com
Mon Sep 28 01:44:02 EDT 2015


2015-09-22 22:59 GMT+07:00 Bill Cox <waywardgeek at gmail.com>:

> On Mon, Sep 21, 2015 at 12:28 AM, Ilya Kasnacheev <
> ilya.kasnacheev at gmail.com> wrote:
>
>> What do you think of that? Because current situation with passwords on
>> the internet is unmanageable and replacement is needed - waterproof enough
>> to do users more good than harm.
>>
>
>
> I agree that a replacement, or at least a significant upgrade, is needed
> to passwords.
>
> Your scheme was fun to read.  It is yet another scheme to split secrets.
> The "canonical" method is probably Shamir's Secret Sharing
> <https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing>.
>

Thank you for the link.


>
> A good example of an attempt to use a secret sharing scheme in
> authentication is the PolyPassHash
> <https://password-hashing.net/submissions/specs/PolyPassHash-v1.pdf>
> algorithm, though they only covered password security on the server.
>
> I think the problem you are trying to solve is authentication, which is
> tougher than password security.  Having even 2 devices participate in
> authentication dramatically improves security.  Google does this with 2-Step
> Verification <https://www.google.com/landing/2step/>.  However, the
> number of people who have bothered to use this is an insignificant fraction
> of all users, so the problem of authentication remains very tricky.
>
> So, the problem we need to solve is making 2-devices (or more) for
> authentication almost invisible to the user.  If even touching a screen is
> required, 99% of all users will not bother to protect their bank accounts
> with the required extra effort.  Imagine if you had to touch your phone to
> log into your work account on your laptop.  That's no biggie, but let's say
> you forgot to charge your phone and when you got to work it was dead?
>

I don't think there's an universal solution. I think there's a number of
small solutions and best practices which together should make users' life
bearable and predictable in exchange to some extra effort on their part.

Bank accounts - I guess they already require 2 factor auth, in my
experience in form of text (SMS) messages. When you login, they send you a
text with a number, you input that number thus proving that you control
your cell number.
Of course this fails in case the attacker steals your phone and knows where
your account is. This only protects desktop from being compromised.

Logging in should be as painless as possible, but for dangerous operations
we could ask user for 2nd step confirmation. Dangerous operations are, for
example, account deletion.

All operations that are not dangerous and not require 2nd step confirmation
should be easily reversible. Reverting the damage should be cheaper than
inflicting damage, this way attackers are dissuaded from investing effort.

In future there will be big scandals regarding to cybercriminals making use
of huge (login, password) databases they already have, trying those pairs
on various services and inflicting dollar of losses while making a cent in
profits. Here we will see interest in more secure authentication coming
from the common folk.

I also had a few talks and had more insight: Some people don't care about
passwords that much. They care about their email and maybe primary social
network but not about 100+ random accounts over the net that they
accumulated.
Some people like to logoff from services after they finish using them
(tricky with my scheme)
Those who at least care about their e-mail are quite happy with existing
2fa like Google provides.


>
> This authentication problem is a lot tougher than it sounds.  It goes way
> beyond what cryptographers worry about all day.  It will take solid
> engineering to improve the situation, in addition to solid crypto.
>
> Bill
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150928/48770df9/attachment.html>


More information about the cryptography mailing list