[Cryptography] secure authentication ... as opposed to passwords
John Denker
jsd at av8n.com
Mon May 7 15:39:50 EDT 2018
On 05/07/2018 06:11 AM, Bill Frantz wrote:
>
> Are there any schemes that we should consider?
Executive summary: Zero knowledge proofs!
Don't frame it as a password problem; frame it as
an authentication problem, then solve it properly.
Nowadays there is no excuse for requiring passwords
to be sent over the wire to be checked at the server,
much less stored on the server in any form.
===============
Consider the progression:
1) A single password. Makes "some" sense if there
is only one server you interact with. Bad idea
if shared across multiple servers.
2) Multiple passwords, committed to memory. Bad
idea from a usability point of view. Passwords
are always a tradeoff between too easily broken
by the bad guy versus to easily forgotten by the
good guy.
3) Password manager. Of some /limited/ value as
a stepping stone, in the sense that it is easy
for users to understand, and gets them accustomed
to using procedures that can evolve into something
sensible. See next item. Uses a master password
to unlock a "wallet" or "keyring".
4) Password generator aka password mangler. Generates
a password for each site, guaranteed to be unique,
guaranteed to be very long, based on a master
password plus site ID plus other stuff. Should
use browser automation to fill in the "password"
field in html forms. Failing that, may use cut
and paste for special applications. Just as
easy to use and in all ways better than (3).
See also next item.
5) Zero-knowledge authentication. Don't frame
it as a password problem! Frame it as an
authentication problem, then do it properly.
Just as easy to use and in all ways better
than (3) or (4).
If the server never sees the password, even
temporarily, then it can't compromise the
password.
Code to do this sort of thing already exists.
More information about the cryptography
mailing list