[Cryptography] Recommendations in lieu of short AES passphrases

Michael Kjörling michael at kjorling.se
Sun Sep 18 16:43:41 EDT 2016


On 18 Sep 2016 15:38 -0400, from kentborg at borg.org (Kent Borg):
> On 09/17/2016 06:37 AM, Michael Kjörling wrote:
>> (see [1] for some actual suggestions; feedback on that page welcome!)
> 
> I have some disagreements:

I certainly expected people here to disagree with some of that.

Let me just point out first that what I wrote on that page isn't meant
as the end-all, be-all, protects-against-everything set of advice.
It's nowhere near that. It's meant to be _reasonably actionable_ to
protect people in general against password-class attacks.

Also, I'm not saying that passwords, especially static passwords, are
an ideal solution to the problem of establishing an identity. But they
are here, and we're basically going to have to live with them for a
long time still, because for most purposes, as a concept, they are
_good enough_.


> - Password managers are a bad idea. They become an
> all-eggs-in-one-basket, single-point-of-failure. Why should we trust
> them to be both competently written and honestly written? Even if
> they are perfect, what about some local malware that compromises the
> machine accessing them? Was it Lastpass that was recently broken?
> Why will that be the last vulnerability?

Of course that won't be the last vulnerability. And you'll notice I
have a _huge_ reservation on that page about online password storage
services. Locally running software isn't _necessarily_ safer, but if
there's malware on your system capturing passwords (or even all
keystrokes), then for passwords, you are screwed almost no matter what
you do that doesn't involve only one-time passwords; and you are
probably screwed anyway, but for non-password-related reasons.

But if an online password management solution allows users to use
secure passwords, as opposed to ones straight out of the Top 100
lists, then doing so is _probably_ a step in the right direction.


> - Two-factor authentication is trendy but not always good. You don't
> distinguish between two-factor as a password recovery mechanism and
> two-factor as a supplementary measure. I have a bank that insists on
> sending me an SMS every time I login, because I always delete their
> cookie. Fine with me--as a supplemental measure, but cellphone
> numbers are easy to hijack. As a recovery mechanism SMS becomes a
> gaping hole: bad guy ports your number and recovers your password.
> Similarly, you don't distinguish between different kinds of
> two-factor gizmos and how hard they might be to hijack (cellphone
> vs. physical fob token with changing numbers). However, RSA had a
> complete breach of their tokens a few years ago--I don't really
> trust any of them.

I could have gone into plenty more detail, but the page was already
becoming quite long, and I also wanted something that people _actually
might read_. True enough, no method (including 2FA) is a panacea, and
they have different security properties. The question I was trying to
answer with the part on 2FA was _how the average user might be able to
strengthen their login credentials beyond a simple password without
breaking a leg_. Porting someone's cell phone number to get access to
their SMS traffic is a very much targeted attack, and relatively
overt. If you are the type of person who might be the target of such
methods of attack (which, admittedly, likely constitutes a significant
fraction of this list's membership), then plan accordingly. The
average person on the street probably isn't going to be the target of
such an attack, yet could benefit from their Facebook account not
having "password1" or "qwertyuiop" as a password.


> - You don't clearly distinguish between passwords vs. encryption
> keys.

I don't even talk about encryption keys on that page. I suppose the
closest would be passwords to FDE containers, which would fall under
"passwords that you have to remember". The only place where that page
talks about encryption keys is in reference to locally stored password
manager databases, and that's only as essentially an aside.

I _do_ talk about passwords in terms of bits of cryptographic strength
in order to give a framework for how to compare different types of
passwords. It's largely meaningless to talk about a Diceware password
in terms of number of characters, but it's very sensible to talk about
it in terms of bits of strength against a brute-force attack executed
by someone who knows that you are using Diceware passwords.


> Some possibly missing points:
> 
> - Some accounts are more important than others.

This is a good point, and one I might very well consider adding.


> - Don't give your password to anyone or anything other than the
> account you are going to use it for.

That's easy to say, but most people aren't willing to have a
completely separate, air-gapped computer for their financial stuff,
let alone Facebooking, and if they did, those computers would very
likely quickly get the same malware as their main system anyway simply
because they don't have the discipline to maintain that level of
separation. Those people can _still_ be well served by protecting
their Facebook account with a decent password. Again, this is intended
for common people, not those with a threat model that can quite well
include nation state level adversaries. Much of it may apply _also_ to
the latter group, but more by virtue of being reasonable advice that
lots of people can adapt to their own situation than because I wrote
it to specifically target that group.


> - Changing passwords. There is religious doctrine out there that
> passwords should be frequently changed. I think it is worth saying
> that, unless you give the password to someone, unless you have
> reason to think it was stolen, unless some stupid admin requires you
> change it, there is no need.

Ah, yes. It bugs me out at work every few months when I have to change
my password; but only one out of, I think, four(!). Gives me headaches
every time until I get them all back in sync and get all sessions
reestablished. Windows and Active Directory, I'm looking at you.


> - Passwords are important. Pretty much your whole life sits behind
> passwords, it is worth taking care regarding passwords.

Indeed, and that's part of the point; give users an idea of _how_ to
take care regarding passwords. Saying something like the above might
make for a better introduction, though.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
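
Added example, not part of the original message: the bits-of-strength comparison from the reply above, for an attacker who knows the generation scheme, plus a toy enumeration showing that the word-level keyspace, not the character count, bounds the work. The function names, the six-word list and the sample secret are constructed for illustration.

```python
import math
from itertools import product

DICEWARE_WORDS = 6 ** 5  # 7776 entries: five rolls of a six-sided die per word

def bits(choices_per_unit: int, units: int) -> float:
    """Strength in bits when every unit is chosen uniformly at random
    and the attacker knows the scheme."""
    return units * math.log2(choices_per_unit)

def units_needed(choices_per_unit: int, target_bits: float) -> int:
    """Smallest number of units (words or characters) reaching target_bits."""
    return math.ceil(target_bits / math.log2(choices_per_unit))

def naive_char_bits(passphrase: str, alphabet: int = 26) -> float:
    """What a length-based estimate reports: each letter treated as random."""
    return bits(alphabet, len(passphrase.replace(" ", "")))

def guesses_to_find(secret: tuple, wordlist: list) -> int:
    """Enumerate the word-level keyspace in order; return guesses used."""
    for n, candidate in enumerate(product(wordlist, repeat=len(secret)), 1):
        if candidate == secret:
            return n
    raise ValueError("secret was not generated from this wordlist")

# Constructed toy list (one die roll per word) so full enumeration is instant.
TOY_WORDS = ["anchor", "biscuit", "candle", "dagger", "ember", "falcon"]
TOY_SECRET = ("falcon", "falcon", "falcon")  # last in enumeration order

if __name__ == "__main__":
    print(f"5 Diceware words: {bits(DICEWARE_WORDS, 5):.1f} bits")
    print(f"words for 80 bits: {units_needed(DICEWARE_WORDS, 80)}")
    print(f"random printable-ASCII chars for 80 bits: {units_needed(94, 80)}")
    print(f"toy secret, by letter count: {naive_char_bits(' '.join(TOY_SECRET)):.1f} bits")
    print(f"toy secret, by scheme: {bits(len(TOY_WORDS), 3):.1f} bits, "
          f"found in {guesses_to_find(TOY_SECRET, TOY_WORDS)} guesses")
```

The toy secret is 18 letters long, yet it falls within 6^3 guesses, which is why the comparison is made in bits of the generating scheme rather than in characters.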

