[Cryptography] Password entry protocols

Henry Baker hbaker1 at pipeline.com
Sun Apr 1 10:14:50 EDT 2018


At 02:55 PM 3/31/2018, Jerry Leichter wrote:
>> Is it just me, or are all password entry protocols
>> laughably easy to spoof?...
>> 
>> When a program/website asks me for a password, it's
>> the equivalent of someone in a spy movie asking on
>> the telephone "is this a secure line": which in
>> itself is laughable -- if you have to ask, it isn't!
>> 
>> So all I have to do is to simply copy the screen --
>> or the particular section of the screen -- and ask
>> someone to type in their password.
>
>You're leaving one thing out:
>
>Computers don't just randomly ask you to type in your password.  In a well-designed system, password requests are *responses to user actions*, such as connecting to a web site.

<snip>

The problem is, the password model only works (if it ever did)
when you have a *single process* running on your computer.  The
moment you have more than one process, you have moved from a
model where Alice and Bob are whispering in secret to a model
where Alice and Bob are talking loudly on a crowded bus or
restaurant with tens/hundreds of potential Eves listening
(and talking/typing).

So to implement a password system on a modern computer & OS, one
would need the ability to reliably take *exclusive* control of
a portion of the screen -- which no one else could either read
or write -- and the ability to reliably take *exclusive* control
of the keyboard.  As we have painfully learned over the years,
simple SW means of exclusion can be trivially bypassed; this
exclusion has to be enforced in *hardware*.  When was the last
time that you saw a piece of computer/cellphone screen real
estate that was exclusively controlled by your bank?

Or some HW means/keyboard that you used *exclusively* to talk
to your bank?

With today's tens (or hundreds) of levels of input/output HW/SW
virtualization, good luck with that!

So once you have lots of Eves listening, you're back in the
model where both ends of the communication need to *encrypt*
and *authenticate* each and every message.

Suppose that you are attempting to talk securely and
confidentially to your bank.  Your bank has to authenticate
itself to you, and you have to authenticate yourself to
the bank.  We have gone to a lot of trouble to come up with
TLS protocols to do this sort of thing over the web, but
with insecure operating systems, we now have to do these
protocols -- as human beings.  We have to have pocket
calculators which can (securely) compute RSA/ECC/AES/SHA
so we can do -- by hand -- the same sorts of calculations.

This story isn't going to end well.
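
Added example, not part of the original message: a minimal sketch of the mutual authentication the post asks for, in which the user's device answers only after the bank has proved itself, so a copied prompt collects nothing and a captured answer cannot be replayed. The pre-shared key, the `Bank` and `Device` classes and the HMAC-SHA256 challenge-response are assumptions made for illustration; this is not TLS and not a scheme proposed in the thread.

```python
import hashlib
import hmac
import secrets

def tag(key, role, n_dev, n_bank):
    # The role label stops a bank tag being reflected back as a device tag.
    msg = role + b"|" + n_dev + b"|" + n_bank
    return hmac.new(key, msg, hashlib.sha256).digest()

class Bank:
    def __init__(self, key):
        self.key = key
        self.n_dev = self.n_bank = b""

    def respond(self, n_dev):
        # Fresh bank nonce per session, plus proof that the bank holds the key.
        self.n_dev, self.n_bank = n_dev, secrets.token_bytes(16)
        return self.n_bank, tag(self.key, b"bank", n_dev, self.n_bank)

    def accept(self, dev_tag):
        expected = tag(self.key, b"device", self.n_dev, self.n_bank)
        return hmac.compare_digest(dev_tag, expected)

class Device:
    def __init__(self, key):
        self.key = key
        self.n_dev = b""

    def hello(self):
        self.n_dev = secrets.token_bytes(16)
        return self.n_dev

    def answer(self, n_bank, bank_tag):
        expected = tag(self.key, b"bank", self.n_dev, n_bank)
        if not hmac.compare_digest(bank_tag, expected):
            return None  # prompt is not from the bank: reveal nothing
        return tag(self.key, b"device", self.n_dev, n_bank)

def run_session(device, bank):
    n_bank, bank_tag = bank.respond(device.hello())
    dev_tag = device.answer(n_bank, bank_tag)
    return dev_tag, dev_tag is not None and bank.accept(dev_tag)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    print(run_session(Device(key), Bank(key))[1])                      # genuine bank
    print(run_session(Device(key), Bank(secrets.token_bytes(32)))[1])  # look-alike
```

The sketch assumes the key lives on a device whose input and display other processes cannot reach, which is the hardware exclusion the post says is missing on a general-purpose OS.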


