[Cryptography] Security weakness in iCloud keychain

Ray Dillinger bear at sonic.net
Fri May 4 22:37:11 EDT 2018



On 05/04/2018 07:19 AM, Kent Borg wrote:

> To appropriate an old cliché: We have a fad of everyone getting
> elaborate and fragile "baskets"--of just a few designs--and putting all
> their "eggs" in these baskets. This is not going to end well.
> 
> But the experts all say I am wrong.
> 
> -kb, the Kent who is shouting into the wind.

A whole lot of stuff is becoming unusable UNLESS you let something store
your passwords digitally.  Like Kent, I do not want passwords stored
anywhere on any computer.  Yes, I prefer to type them.  EVERY time.

I acknowledge that other people have other opinions, but if I can't tell
a so-called "password manager" that it is supposed to put up a damn
dialog box literally EVERY time ANYTHING wants a password, and NEVER
store them in any non-volatile storage, then I do not want that password
manager and I do not want any software that depends on it.

But even that's not enough.  A lot of "Helpful" software doesn't even
ask the "password manager": it simply stores passwords by default, or
even when I specifically have a setting that says DON'T store them.  On
investigation there's always some weasel-wording that the setting
"doesn't apply to this other function, only to THAT function..." or that
"this means we don't put it on our cloud, but it still goes around so it
could get stolen by anyone who got his hands on one of your other
machines...." or something.

But the thing which is wrong is that passwords ARE BEING STORED, period!

The whole point of a password is that it is something which is NOT
STORED ANYWHERE ON ANY COMPUTER.  If it is ever available, it is
supposed to be because you personally are present and have just entered
it, authorizing that machine (and no other) to do something at that time
(and no other). That is why passwords are accepted as a confirmation
that something expresses your actual and current will and intent.

I don't want a password I entered six hours ago taken as permission by
software to do anything now.  I don't want a password I entered on my
work computer to be usable by somebody who manages to steal my damn
phone. I don't want work VPNs or mailboxes to be openable on my personal
box. My work machine should never inadvertently gain access to private
mail or my porn stash.  And if I'm getting a new phone, one of the
reasons will be specifically because I DON'T want any part of the
previous configuration or old secrets present on it ever.

If any password is ever available to any program when I am not currently
using that program, or at some time long after I have entered it, or on
some machine other than the one where I entered it, something is WRONG.

Privacy is the ability to manage access to my information.  That
includes giving me the choice to NOT have access to it on the wrong
machine, at the wrong time, or from the wrong location, or in the wrong
circumstance.

We need the power to keep separate parts of our lives separate, and the
power to minimize the damage that could be done via any single stolen
machine.  The people who create password managers are largely ignoring
that need.

Bear
