[Cryptography] Security weakness in iCloud keychain

Ron Garret ron at flownet.com
Tue May 8 18:38:49 EDT 2018


On May 8, 2018, at 2:30 PM, Kent Borg <kentborg at borg.org> wrote:

> At the end you answer a key question: You would still have me entering passwords, but where my example had me entering a half dozen different passwords, you say I would enter just one.
> 
> You aren't getting rid of passwords, you are just coming up with a way to make recycling a single grand master password safe.
> 
> Or, safer. It seems you are only aiming to solve the problem of some website leaking plaintext of a recycled password.
> 
> But back to One Master Password: I don't want that.

Well, it’s optional.  You can protect your store of secret keys however you like, including memorizing them and entering them manually (good luck with that), generating them from separate passwords (less secure, but at least it’s possible), writing them all down on a piece of paper (inconvenient, but doable), or storing them unencrypted on digital media (not advisable, but meets your criteria as stated).

My proposal eliminates passwords *at the protocol level* between me and a third-party service that wants to authenticate me.  That’s what matters, because if you don’t do that then you can’t get rid of passwords.

> Two immediate reasons:
> 
>  - I don't trust all the devices and keyboards in my life with such a powerful password. I don't trust that they are honest, I don't trust they are competent.

You don’t have to.  You can, as I pointed out before, build a device that you trust to store your passwords.  (In fact, I have a design for such a device ready to go to fab, so the only obstacle to obtaining one is getting enough people to place an order to make it worth my while to do a production run.)

>  - I currently don't much worry about shoulder-surfing, most passwords I enter aren't that important, but there are a few which are, and then I do worry who is behind me and whether there could be a camera above me.

You can build a device that uses any second factor you like to protect your secret keys, limited only by your imagination and your ability to implement things or hire someone to do it for you.  But NONE of it will be possible unless we first change the PROTOCOL that third parties use to authenticate people.  That is more of a political problem than a technical one, but unfortunately that doesn’t make it any easier to solve.

> A related question: Would there ever be a case where this master password you imagine would actually be an encryption key?

The master password would be the input to a KDF (https://en.wikipedia.org/wiki/Key_derivation_function, in case you don’t know.  This sort of thing is generally taken for granted.)

> That is, would I have to worry about encrypted copy of any data leaking into a parallel key attack? If so, the master password would have to be a nasty one with lots of entropy in it.

No.  That’s what the KDF is for.

rg
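The arrangement discussed above (a master password fed through a KDF to protect a store of secret keys, so that a leaked encrypted copy costs an attacker one full KDF evaluation per guess) as an added example; this is not code from the thread or from either poster. It uses Python's hashlib.scrypt as the KDF; the HMAC-SHA256 counter-mode keystream is a demo construction rather than a production cipher, and the service names, key strings and KDF parameters are constructed.

```python
import base64, hashlib, hmac, json, os

# scrypt work factors: n = CPU/memory cost, r = block size, p = parallelism.
# Constructed defaults for this demo; the values used are stored with the blob.
KDF_PARAMS = {"n": 2**14, "r": 8, "p": 1}

# Constructed sample key store: service -> hypothetical secret key material.
SAMPLE_SECRETS = {"mail.example": "ed25519:constructed-key-1",
                  "bank.example": "ed25519:constructed-key-2"}

def derive_keys(master_password, salt, params):
    # Stretch the master password into a 32-byte encryption key plus a 32-byte
    # MAC key. Each guess against a leaked copy must repeat this memory-hard
    # computation, and the per-store salt stops one guess serving many stores.
    okm = hashlib.scrypt(master_password.encode(), salt=salt,
                         n=params["n"], r=params["r"], p=params["p"], dklen=64)
    return okm[:32], okm[32:]

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode as a keystream (demo construction, not a
    # production cipher); the nonce is fresh per seal so streams never repeat.
    blocks = [hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal_store(master_password, secrets, params=KDF_PARAMS):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt, params)
    pt = json.dumps(secrets).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    b64 = lambda b: base64.b64encode(b).decode()
    return {"kdf": dict(params), "salt": b64(salt), "nonce": b64(nonce),
            "ct": b64(ct), "tag": b64(tag)}

def open_store(master_password, blob):
    # Returns the secrets, or None when the password is wrong or the blob was
    # altered; the tag is checked before anything is decrypted.
    salt, nonce, ct, tag = (base64.b64decode(blob[k])
                            for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = derive_keys(master_password, salt, blob["kdf"])
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)
```

Raising n, r or p in the stored parameters raises the cost of every offline guess without changing the format; a wrong master password and a tampered blob both fail the tag check identically.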