[Cryptography] Possible reason why password usage rules are such a mess

Phillip Hallam-Baker phill at hallambaker.com
Thu Mar 5 09:25:59 EST 2020


Peter is probably right in asserting that the principle of changing
passwords regularly is inherited from having to change watchwords
on a daily basis. But the other part of the pain comes from the idiot
requirements of capitalization, numbers, special characters, etc.

These rules were all brought into being in response to the publication of
Crack which sped up exhaustive dictionary search of passwords to 22
attempts a second on a SPARC model of the day.

Now up to that point, there was a flamewar going on between the UNIX and
VMS advocates on USENET with the advocates of the UNIX approach insisting
VMS IS INSECURE because the password hash file was protected at the system
level while the UNIX password file was proudly world-readable. UNIX did not
ship with shadow password support turned on by default at the time, some
distributions didn't even support it at all. System protections on the
password file were derided as 'security through obscurity'.

This actually had a serious impact on the design of the Web. The reason we
got plaintext password rather than my digest scheme for HTTP was that you
can't protect the authentication secrets on the wire and in storage unless
you make use of public key cryptography which was still under patent in
1993. Some folk had bought into this 'security through obscurity' UNIX
fetish and insisted we send the passwords over the net en clair so they
could be obfuscated on disk.

Anyway, Crack changed all that and within a few weeks the following had
become firmly established 'facts':

1) Every UNIX system supports shadow passwords and has always supported
shadow passwords.
2) Nobody has ever been so foolish as to suggest shadow passwords were
security through obscurity.
3) The argument must have been over the lack of shadow password files in
VMS, yes that was it.
4) Everyone must add a special character to their password to make it
unguessable.

The last part of this CYA is still with us despite the fact that it
actually decreases security. We don't use dictionary attacks any more.
There have been crackers that can exhaust the 8-character possibilities for
the Windows hash in less than a day for almost a decade now. The special
characters actually reduce the search space as there are more alpha
characters than special ones.

In the real world, all these requirements mean is that instead of using
'password', Alice chooses 'Password1' or 'Password1!'. They do absolutely
nothing for security. And if people are required to change their passwords
regularly, it is 'Password2!', etc.

We have to get away from passwords altogether and later this year, I will
be launching the first part of the Mesh which will make that possible as a
kickstarter. The Mesh is all open source of course and will remain so. But
I reckon many people will be willing to pay $20 or so for someone else to
host a service rather than run their own with all the hassle that
inevitably entails. And if I can get enough $20s, I can hire people to run
the service and write code to integrate into Chrome, Edge etc.


So the big idea here is to write a tool that provisions public key pairs
and credentials to every device the user connects to their personal Mesh
and then use those keys to

1) Provide access to an end-to-end secure password manager.
2) Authenticate to services using strong public key authentication.
3) Provide a second factor authentication capability that provides an audit
log of the actions taken.

If you have access to your password vault on every device you own and if it
is integrated into your browser on every platform, you can use different,
machine generated passwords for each site. And they can have as strong a
work factor as that site allows.

So this is a LastPass type play except that every device with access to the
passwords is also capable of public key based authentication which is
phishing proof because the authentication protocol does not require release
of the authentication secret.

I am not aware of any existing password vault that is end-to-end secure. My
proposal provides a further control using threshold cryptography so that
you can disable access to a device if it is lost or stolen or if you are
going through an airport in a hostile country.

Oh and it can also provision your keys for S/MIME, OpenPGP and SSH so that
best crypto practices are maintained. It can exchange contacts through
various types of ceremony from in-person QR code exchange to remote with
TTP attestation and it has a complete end-to-end secure asynchronous
messaging infrastructure.

It is time to make this happen. I am still nailing down the last bugs in
the reference code but I will be shortly looking to start a business to
commercialize this technology and doing the usual things of seeking a COO,
angel investment, etc.
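[Editor's note: added example, not code from the post or from the Mesh.] The point above about public key authentication being phishing proof because the secret is never released is easy to see in a challenge-response exchange. The Go program below is an illustration written for this page: a hypothetical Device holds an Ed25519 private key that never leaves it, and a hypothetical RelyingParty stores only the public key and a single-use random challenge. Binding the signed message to the origin the device believes it is talking to is an assumption of this example (the design WebAuthn uses), not something the post describes for the Mesh. With it, a look-alike site that relays the real site's challenge gets a signature over the wrong origin, and replaying a genuine signature fails because the challenge has been consumed. The names Device, RelyingParty, Respond and Verify are invented for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device holds the user's private key. It never leaves this struct; the
// only thing a relying party ever receives is a signature. (Hypothetical
// type for this example, not the Mesh's API.)
type Device struct {
	priv ed25519.PrivateKey
}

// NewDevice generates a fresh keypair, as a provisioning tool would do
// for each device enrolled.
func NewDevice() (*Device, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKey is the only key material the device ever hands out.
func (d *Device) PublicKey() ed25519.PublicKey {
	return d.priv.Public().(ed25519.PublicKey)
}

// RelyingParty stores public keys and the challenge pending for each user.
type RelyingParty struct {
	origin string
	users  map[string]ed25519.PublicKey
	issued map[string][]byte // one outstanding challenge per user
}

func NewRelyingParty(origin string) *RelyingParty {
	return &RelyingParty{
		origin: origin,
		users:  map[string]ed25519.PublicKey{},
		issued: map[string][]byte{},
	}
}

// Register enrols a user's public key; no secret is stored server side.
func (rp *RelyingParty) Register(user string, pub ed25519.PublicKey) {
	rp.users[user] = pub
}

// Challenge issues a fresh 32-byte random nonce, so a captured signature
// is worthless once the challenge has been consumed.
func (rp *RelyingParty) Challenge(user string) ([]byte, error) {
	if _, ok := rp.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rp.issued[user] = nonce
	return nonce, nil
}

// signedMessage binds the signature to the origin the device is talking
// to and to the nonce. The length prefix keeps the two fields unambiguous.
func signedMessage(origin string, nonce []byte) []byte {
	msg := binary.BigEndian.AppendUint32(nil, uint32(len(origin)))
	msg = append(msg, origin...)
	return append(msg, nonce...)
}

// Respond signs the challenge for the origin the device sees. The private
// key is used here and nowhere else; it is never transmitted.
func (d *Device) Respond(origin string, nonce []byte) []byte {
	return ed25519.Sign(d.priv, signedMessage(origin, nonce))
}

// Verify checks a response against the stored public key, the pending
// challenge and the relying party's own origin, then retires the challenge.
func (rp *RelyingParty) Verify(user string, sig []byte) error {
	pub, ok := rp.users[user]
	nonce, pending := rp.issued[user]
	if !ok || !pending {
		return errors.New("unknown user or no pending challenge")
	}
	delete(rp.issued, user) // single use: a replay finds nothing pending
	if !ed25519.Verify(pub, signedMessage(rp.origin, nonce), sig) {
		return errors.New("signature does not verify for this origin and challenge")
	}
	return nil
}

// Demo runs three scenarios and reports which ones the relying party
// accepts: a genuine login, a replay of that login, and a phished login
// where a look-alike site relays the real site's challenge.
func Demo() (genuineOK, replayOK, phishOK bool, err error) {
	dev, err := NewDevice()
	if err != nil {
		return
	}
	rp := NewRelyingParty("https://example.com") // constructed origin
	rp.Register("alice", dev.PublicKey())

	nonce, err := rp.Challenge("alice")
	if err != nil {
		return
	}
	sig := dev.Respond("https://example.com", nonce)
	genuineOK = rp.Verify("alice", sig) == nil

	// Same signature presented again: the challenge was consumed above.
	replayOK = rp.Verify("alice", sig) == nil

	// Phisher at a look-alike origin forwards the real site's fresh nonce;
	// the device signs for the origin it actually sees.
	if nonce, err = rp.Challenge("alice"); err != nil {
		return
	}
	phished := dev.Respond("https://examp1e.com", nonce)
	phishOK = rp.Verify("alice", phished) == nil
	return
}

func main() {
	g, r, p, err := Demo()
	fmt.Println("genuine:", g, "replay:", r, "phish:", p, "err:", err)
}
```

Note what the attacker is left with in the phishing case: a signature over a message naming their own origin, which the real site rejects, and no key to reuse elsewhere. Contrast that with a password, which the same look-alike page captures in full and can replay anywhere the user reused it.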