[Cryptography] Security weakness in iCloud keychain

Ron Garret ron at flownet.com
Tue May 8 14:03:23 EDT 2018


On May 8, 2018, at 7:23 AM, Kent Borg <kentborg at borg.org> wrote:

> On 05/07/2018 08:53 PM, Peter Gutmann wrote:
>> "Passwords are the worst kind of authentication mechanism, except for all the
>>  others".
>> 
>> Passwords aren't bad because they're inherently bad, they're bad because
>> security people have chosen to make them bad.
> 
> Hear, hear!
> 
> There is a lot of well-justified frustration around authentication, and passwords are *everywhere*. They are always involved in whatever the problem is, always seen near the crime, implicated by proximity.
> 
> So conventional wisdom is that passwords are bad. Anything that purports to replace passwords (including password manager software auto-typing them, effectively turning into a sort of randomly-specced authentication agent), has an automatic bias in favor of it: Passwords are bad, alternatives must be better. But the alternatives are all rather bigger systems, that on further thought have a lot of places to hide really big problems.
> 
> In replacing passwords: First do no harm.
> 
> I have hundreds of passwords (everyone does, I am merely rare in that mine are unique), for wildly disparate systems. Any "this will replace passwords!" needs to replace all that, and make matters better.

OK, I’ll bite, because this seems like a no-brainer to me.

I want to replace passwords with a protocol that allows me to authenticate by signing a nonce with a secret key that I have previously registered.  And I want the protocol to be open so that I can choose the implementation of my signing software.  And I want to choose an implementation that stores my secret keys in a known location, encrypted by a secret key derived from a master password by a secure KDF.

This, to me, is the Right Answer because:

1.  I only have to remember one password, and I have completely free choice over what that password is.

2.  Other than #1, the UX is more or less identical to the status quo.

3.  The only way I can be compromised is if the machine on which I store my secret keys is compromised *and* my master password is compromised.  If I am super-super paranoid, I can store my keys on dedicated hardware with its own keyboard for entering my master password.  If I’m not super-duper paranoid, I can just store everything in my regular keychain.

That’s it.  We’re done here.

rg
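
The protocol Ron sketches above, worked through as an added example (Go, standard library only; this is not code from the thread or from any Apple or iCloud component). It assumes: Ed25519 for the registered key, AES-GCM for the keystore blob, and a compact PBKDF2-HMAC-SHA256 as a stand-in for the "secure KDF" (a memory-hard KDF such as scrypt or Argon2id is the better choice in practice). The names `sealKey`, `openKey`, `relyingParty`, `challengeMessage` and the password and user strings are all constructed for the example. Two details the post leaves implicit are made explicit: the signed message carries a context string plus the relying party's and the user's identity, so a signature obtained by one service cannot be relayed to another; and each nonce is consumed on first use, so a captured signature cannot be replayed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const kdfIter = 100000 // PBKDF2 iterations; example value, not a recommendation

// pbkdf2SHA256 is a minimal PBKDF2-HMAC-SHA256 (RFC 8018) so the example stays
// stdlib-only. Assumption of this example: a real keystore should use scrypt/Argon2id.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac = hmac.New(sha256.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// newAEAD derives a 256-bit AES key from the master password and salt.
func newAEAD(master, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(master, salt, kdfIter, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealKey encrypts the Ed25519 seed under the master password.
// Blob layout: salt(16) || gcmNonce(12) || ciphertext+tag, with the salt as AAD.
func sealKey(master []byte, priv ed25519.PrivateKey) ([]byte, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	aead, err := newAEAD(master, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := append(append([]byte(nil), salt...), nonce...)
	return aead.Seal(blob, nonce, priv.Seed(), salt), nil
}

// openKey recovers the private key; a wrong master password fails the GCM tag check.
func openKey(master, blob []byte) (ed25519.PrivateKey, error) {
	if len(blob) < 16+12+16 {
		return nil, errors.New("keystore blob too short")
	}
	salt, rest := blob[:16], blob[16:]
	aead, err := newAEAD(master, salt)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	seed, err := aead.Open(nil, rest[:ns], rest[ns:], salt)
	if err != nil {
		return nil, errors.New("wrong master password or corrupted keystore")
	}
	return ed25519.NewKeyFromSeed(seed), nil
}

// challengeMessage binds the nonce to a protocol label, the relying party and the
// user so a signature is only meaningful for this one login at this one service.
func challengeMessage(rpID, user string, nonce []byte) []byte {
	return bytes.Join([][]byte{[]byte("nonce-auth-v1"), []byte(rpID), []byte(user), nonce}, []byte{0})
}

// relyingParty holds registered public keys and the nonces it has issued.
type relyingParty struct {
	id         string
	users      map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func newRelyingParty(id string) *relyingParty {
	return &relyingParty{id: id, users: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

func (rp *relyingParty) register(user string, pub ed25519.PublicKey) { rp.users[user] = pub }

// challenge issues a fresh 256-bit nonce, remembered until it is used once.
func (rp *relyingParty) challenge(user string) ([]byte, error) {
	if _, ok := rp.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	rp.challenges[user] = n
	return n, nil
}

// verify accepts only a signature over the nonce it issued, and consumes that nonce.
func (rp *relyingParty) verify(user string, nonce, sig []byte) bool {
	issued, ok := rp.challenges[user]
	if !ok || !bytes.Equal(issued, nonce) {
		return false
	}
	delete(rp.challenges, user) // replaying the same signature now fails
	return ed25519.Verify(rp.users[user], challengeMessage(rp.id, user, nonce), sig)
}

// signChallenge is the client side: unlock the keystore, sign, forget the key.
func signChallenge(master, blob []byte, rpID, user string, nonce []byte) ([]byte, error) {
	priv, err := openKey(master, blob)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, challengeMessage(rpID, user, nonce)), nil
}

func main() {
	master := []byte("correct horse battery staple") // constructed example password
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	blob, _ := sealKey(master, priv) // what sits in the "known location"
	rp := newRelyingParty("example.test")
	rp.register("ron", pub)
	nonce, _ := rp.challenge("ron")
	sig, _ := signChallenge(master, blob, rp.id, "ron", nonce)
	fmt.Println("login ok:", rp.verify("ron", nonce, sig))
	fmt.Println("replay ok:", rp.verify("ron", nonce, sig))
	_, err := openKey([]byte("wrong"), blob)
	fmt.Println("wrong master password rejected:", err != nil)
}
```

The compromise condition in point 3 follows from the construction: the blob alone is useless without the master password (the GCM tag check fails), and the master password alone is useless without the blob. The one thing a bare "sign a nonce" description does not buy you is the binding in `challengeMessage`; without it, a hostile site that relays another site's nonce to you gets a signature it can use there.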


