[Cryptography] secure authentication ... as opposed to passwords

John Denker jsd at av8n.com
Mon May 7 15:39:50 EDT 2018


On 05/07/2018 06:11 AM, Bill Frantz wrote:
> 
> Are there any schemes that we should consider?

Executive summary:  Zero knowledge proofs!

Don't frame it as a password problem;  frame it as
an authentication problem, then solve it properly.

Nowadays there is no excuse for requiring passwords
to be sent over the wire to be checked at the server,
much less stored on the server in any form.

===============

Consider the progression:

1) A single password.  Makes "some" sense if there
 is only one server you interact with.  Bad idea
 if shared across multiple servers.

2) Multiple passwords, committed to memory.  Bad
 idea from a usability point of view.  Passwords
 are always a tradeoff between too easily broken
 by the bad guy versus too easily forgotten by the
 good guy.

3) Password manager.  Of some /limited/ value as
 a stepping stone, in the sense that it is easy
 for users to understand, and gets them accustomed
 to using procedures that can evolve into something
 sensible.  See next item.  Uses a master password
 to unlock a "wallet" or "keyring".

4) Password generator aka password mangler. Generates
 a password for each site, guaranteed to be unique,
 guaranteed to be very long, based on a master
 password plus site ID plus other stuff.  Should
 use browser automation to fill in the "password"
 field in html forms.  Failing that, may use cut
 and paste for special applications.  Just as
 easy to use and in all ways better than (3).
 See also next item.

5) Zero-knowledge authentication.  Don't frame
 it as a password problem!  Frame it as an
 authentication problem, then do it properly.
 Just as easy to use and in all ways better
 than (3) or (4).

 If the server never sees the password, even
 temporarily, then it can't compromise the
 password.

 Code to do this sort of thing already exists.
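
An added illustration, not part of the original post and not code from its author: a Schnorr identification protocol over the Ed25519 group, as one instance of the idea in item 5. The server stores only a public value Y, and a login carries only R, c and s. The function names, the PBKDF2 parameters and the salt handling are assumptions made for this example.

```python
import hashlib, secrets
P = 2**255 - 19  # field prime of Edwards25519 (public curve parameters)
L = 2**252 + 27742317777372353535851937790883648493  # prime order of B
D = -121665 * pow(121666, -1, P) % P

def _base_point():
    y = 4 * pow(5, -1, P) % P
    xx = (y*y - 1) * pow(D*y*y + 1, -1, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x*x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (P - x if x % 2 else x, y)
B = _base_point()

def add(a, b):  # complete twisted-Edwards addition, affine coordinates
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1*y2 + x2*y1) * pow(1 + t, -1, P) % P,
            (y1*y2 + x1*x2) * pow(1 - t, -1, P) % P)

def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = (0, 1)  # neutral element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def secret(password, salt):  # client only: the password never leaves here
    h = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(h, "big") % L

def enroll(password, salt):  # client -> server once: public value Y = x*B
    return mul(secret(password, salt), B)

def commit():  # client, fresh per login: keeps r, sends R = r*B
    r = secrets.randbelow(L - 1) + 1
    return r, mul(r, B)

def respond(password, salt, r, c):  # client: s = r + c*x mod L
    return (r + c * secret(password, salt)) % L

def verify(Y, R, c, s):  # server: accept iff s*B == R + c*Y
    return mul(s, B) == add(R, mul(c, Y))

def login(Y, salt, typed):  # one run; the server side sees only R, c, s
    r, R = commit()
    c = secrets.randbelow(L - 1) + 1  # server's random challenge
    return verify(Y, R, c, respond(typed, salt, r, c))
```

Because Y is derived from the password, a leaked Y still allows offline guessing of weak passwords. The commitment r must be fresh for every login, since reusing it across two challenges reveals x.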

