[Cryptography] Possible reason why password usage rules are such a mess

iang iang at iang.org
Fri Nov 13 20:16:24 EST 2020


On 04/03/2020 13:16, Peter Gutmann wrote:
> There has been some speculation in the past over why we have so many cargo-
> cult password security rules that make no sense in any modern context, the
> prime example being the need to change passwords periodically.  I've found one
> possible explanation, the Ware Report, which talks about authentication words
> more than passwords, and in a manner in which they resemble military
> countersigns rather than what we'd think of today as passwords:
>
>    Authentication words or techniques must be obtained from an approved source,
>    or, alternatively, must be generated and distributed under the cognizance of
>    the System Security Officer by approved techniques. Specifically, a user
>    cannot generate his own passwords [...] Authentication words must be changed
>    as frequently as prescribed by the approved issuing source.
>
> Looking at a WWII-era field manual, that looks very similar to the
> requirements for countersigns given in that.  Perhaps this could be the source
> of so much of the historical baggage of unknown origin that's attached to
> passwords, they came from military countersigns that were repurposed for use
> with computers.


Military crypto is very different to civilian crypto.  In the latter, 
there is a sense that some random Alice has to talk to some random Bob, 
and they don't know each other and can't trust each other so have to go 
through some form of ceremony before they can be permitted to know and 
trust each other.

In the military it's the other way around. Every soldier needs to know 
and trust all other soldiers in the same military. For example (and this 
applies to my time many decades ago) it is the case that any soldier on 
the ground should be able to call in indirect fire support from any 
assets in the area - which includes aircraft and ships.

In order to enable this, the crypto system had to be centralised. 
Recall that (a) until recently it wasn't likely that soldiers could 
carry sophisticated tools that could do things like public key 
encryption, and (b) security at the sharp end was tactical, which meant 
you only had to keep the secrets for O(day). Especially, any battle info 
was already compromised because the enemy was on the receiving end and 
knew what you were likely sending.

The answer then was a very large centralised distribution of books, 
which changed over like daily or every 6 hours. Everyone had the same 
books, and everyone had to synchronise changeover at the same time (and 
same zone) as stated in Zulu time (GMT).

The same thing is seen at the unit level - the CO sends out a patrol 
from one squad, and it has to come back in through another squad. Of course 
they both have to have the same code words. Which means codewords need 
to be rotated daily: since everyone has them, if anyone gets captured he 
only needs to hold out for a day.

Bear in mind that military crypto has a much longer history, numbering 
in centuries. Whereas civilian crypto up-ticked in the 80s (Unix 
delivered DES as an early mistake) and only became really important in 
the 90s. All the expertise was initially military - even the guys who 
were involved in Unix security, e.g. Morris, were connected to military and IC.

So assumptions were picked up and not questioned. The Internet had to 
find out the hard way that we had to discard the received wisdom and 
rebuild it from 1st principles.

iang
