[Cryptography] Recommendations in lieu of short AES passphrases

Kent Borg kentborg at borg.org
Sun Sep 18 15:38:38 EDT 2016


On 09/17/2016 06:37 AM, Michael Kjörling wrote:
> (see [1] for some actual suggestions; feedback on that page welcome!)

I have some disagreements:

- Password managers are a bad idea. They become an 
all-eggs-in-one-basket, single-point-of-failure. Why should we trust 
them to be both competently written and honestly written? Even if they 
are perfect, what about some local malware that compromises the machine 
accessing them? Was it LastPass that was recently broken? Why will that 
be the last vulnerability? My advice: Write down passwords on physical 
paper, obfuscate them slightly, obfuscate what accounts they are for, 
keep that paper safe! Frequently copy new entries to a second backup 
piece of paper which you store apart from the first. (Don't trust 
photocopies to back up your password list, unless you have an obsolete 
analog copier.)

- Two-factor authentication is trendy but not always good. You don't 
distinguish between two-factor as a password recovery mechanism and 
two-factor as a supplementary measure. I have a bank that insists on 
sending me an SMS every time I log in, because I always delete their 
cookie. Fine with me--as a supplemental measure, but cellphone numbers 
are easy to hijack. As a recovery mechanism SMS becomes a gaping hole: 
bad guy ports your number and recovers your password. Similarly, you 
don't distinguish between different kinds of two-factor gizmos and how 
hard they might be to hijack (cellphone vs. physical fob token with 
changing numbers). However, RSA had a complete breach of their tokens a 
few years ago--I don't really trust any of them.

- You don't clearly distinguish between passwords vs. encryption keys. 
Passwords don't need to be very strong, they are supplied to some 
login-mechanism that should throttle how fast attempts can be made. 
32 bits of entropy (e.g., quebec-natural-group or 
cabaret-mystery-export) can be easy to remember and easy to type, yet 
plenty strong for any decently set up system. And if the system is not 
decently set up? Then there are probably a lot easier ways in than 
brute-forcing your password. And if the hashed version is acquired? So 
what! If you don't recycle passwords, it only means the crackers might 
log in as you, to a machine that it seems they already have access to. 
So what. Change that password, or quit using that insecure service. 
Encryption keys, however, are a completely different beast! They should 
be dang long. A very important distinction! A key like 
62b-72c98-60a3-4ce0-b1a4-2abd0-ca14bc5 is pretty impossible to remember 
but not impossible to carefully type, and pretty much a necessary length 
for a secure encryption key.


Some possibly missing points:

- Some accounts are more important than others. Accounts that involve 
money are obvious, but also e-mail accounts that would be part of a 
password recovery mechanism for other accounts (such as the ones that 
involve money). Also be careful with accounts used as login mechanisms 
for unrelated services ("Log in with Google or Facebook!"--I recommend 
not doing that when possible). These more important accounts don't need 
better passwords, but they do need better care on your part to protect them.

- For important financial accounts that allow you to pick your own 
username, pick a password-quality username (world-project-flash) in 
addition to a password-quality password (shrink-digital-disco). Now 
there should be no risk of being locked out because of too many failed 
logins from some cracker, and it makes a rogue password recovery harder.

- Don't give your password to anyone or anything other than the account 
you are going to use it for. Don't type it on the computer in the hotel 
lobby. If it is important don't type it on your friend's computer. Don't 
type it into the wrong account, don't type it into a link you clicked on 
in an e-mail. iOS and Android devices that are connected to the internet 
and used for all that cool stuff they can do...are not a good place to 
type important passwords, they are too big a target for malware. Don't 
use wireless keyboards and mice. Segregate your reckless and buggy 
computer activities from important passwords: Consider keeping a 
computer that you maintain very conservatively and only type important 
passwords on it; don't install any software on that computer that you 
don't have to--don't stick into it random Windows device driver disks 
for random silly gizmos that you don't need. Don't have your kids 
installing unnecessary software on your conservative computer. If you go 
really crazy about maintaining a separate, secure computer...then maybe 
use a password manager--an offline password manager, no cloud stuff. A 
simple password manager that doesn't automatically type passwords for 
you--you don't want automatic things happening with your passwords, 
automatic things go wrong, automatic things are dangerous.

- Changing passwords. There is religious doctrine out there that 
passwords should be frequently changed. I think it is worth saying that, 
unless you give the password to someone, unless you have reason to think 
it was stolen, unless some stupid admin requires you change it, there is 
no need.

- Passwords are important. Pretty much your whole life sits behind 
passwords, it is worth taking care regarding passwords.

- Trying to hide something off-the-grid isn't as easy as you might 
think: Just because *you* don't set up an online account for your 
retirement funds doesn't mean there isn't one still sitting there, ready 
for an attacker to set up. First-time setups (mother's maiden name...) are 
not as secure as a decent password. Set up all your accounts.


About the burden of not recycling passwords:

As far as I can tell, everyone thinks it is a bad idea to recycle 
passwords, but almost everyone does it anyway. A shame. Yes, it requires 
some discipline to record all those passwords, but it isn't so 
cumbersome once you are up and running. If you have easy-to-remember and 
easy-to-type passwords (farmer-turtle-sardine) you will quickly learn 
all the ones you frequently use, and then you just type them in when 
needed. The only time you have to refer to your records is for obscure 
accounts you don't use often, which means not that often. I refer to my 
password records just a few times a week, because mostly I know the 
passwords I use.


-kb, the Kent who disagrees with a lot of people on these topics.
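
Added example, not part of Kent Borg's message: a Python sketch that puts numbers on the password-versus-encryption-key distinction drawn above, comparing a three-word passphrase of about 32 bits against a 128-bit random key under throttled and unthrottled guessing. The word list is a constructed stand-in, and both guess rates are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed stand-in list (hypothetical words). Its size is chosen so that
# three uniformly picked words carry about 32 bits, as in the message.
WORDS = [f"word{i:04d}" for i in range(1626)]

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed guess rates, not measurements:
THROTTLED_LOGIN = 1 / 10   # login form allowing one attempt every 10 seconds
OFFLINE_ATTACK = 1e10      # attacker testing guesses locally, no throttle


def passphrase(n_words, words=WORDS):
    """Pick n_words uniformly at random using the OS CSPRNG."""
    return "-".join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words, list_size):
    """Entropy of n_words independent uniform picks from list_size words."""
    return n_words * math.log2(list_size)


def random_key_hex(bits=128):
    """Random key of the given size, hex encoded (32 hex digits for 128)."""
    return secrets.token_hex(bits // 8)


def average_years_to_guess(bits, guesses_per_second):
    """Expected search time: on average half the space is tried."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def compare():
    pw_bits = passphrase_bits(3, len(WORDS))
    return {
        "password_bits": pw_bits,
        "password_throttled_years": average_years_to_guess(pw_bits, THROTTLED_LOGIN),
        "password_offline_years": average_years_to_guess(pw_bits, OFFLINE_ATTACK),
        "key128_offline_years": average_years_to_guess(128, OFFLINE_ATTACK),
    }


if __name__ == "__main__":
    print(passphrase(3), random_key_hex())
    for name, value in compare().items():
        print(f"{name}: {value:.3g}")
```

Under these assumed rates the same 32-bit secret lasts centuries behind a throttled login and a fraction of a second once guessing is unthrottled, which is the case an encryption key has to survive.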


