[Cryptography] Security weakness in iCloud keychain

Jon Callas jon at callas.org
Tue May 8 02:04:48 EDT 2018


> On May 7, 2018, at 5:53 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> Bill Frantz <frantz at pwpconsult.com> writes:
> 
>> Here we have what is generally considered a really bad authentication
>> mechanism
> 
> "Passwords are the worst kind of authentication mechanism, except for all the
> others".
> 
> Passwords aren't bad because they're inherently bad, they're bad because
> security people have chosen to make them bad.  Everyone knows that they're no
> good, so we won't put any effort into doing things properly.  

[...]

Hear, hear.

I think that we really need some people to write software to make passwords easier to use and maintain.

Human beings have a tendency to think that security must also be hard. We instinctively think that if something was easy, it must be insecure, and that things that require learning and ritual are secure themselves. This is why we continue to be stuck with arcane command line programs and so on.

Any system that is ultimately a shared secret is equivalent to a password. Many two-factor systems are at their core no more secure than a password. Here's a quick example.

TOTP is just a shared secret system. It has the advantage over a naive password that intercepting it and reusing it is blocked off, but that's not the threat. The adversaries are not breaking the TLS that carries a password, they're hijacking the database and going from there. As a quick example, suppose a server has a password (a shared secret) and a TOTP seed (another shared secret). Together, they're just one larger shared secret. If an adversary steals the database, they can log in as any user. One presumes that the TOTP seeds were randomly generated, and providing that they were, it stops a loss of the password to other sites as they need both the password and seed (which is different on a different server).

However, in this case you could always just eliminate the password and just have a TOTP secret. It's not really any less secure. And in most cases, a randomly generated password itself is mostly good enough. Repeating myself, if you break the TLS connecting the client and server, you can replay the random password, but that's rare.

Let me wave my magic wand and create a password manager that generates random passwords automagically. It's almost as good as password+TOTP. If this manager could also go out and change the password for you automagically, then as the life of any given random password approaches a single login, that simple password system approaches the security of that type of two-factor, while gaining the benefit that a stolen database of shared secrets has ever-decaying usefulness, which lowers the incentive to hack that database in the first place. Single factor with automated change is arguably better than two-factor.

	Jon


