[Cryptography] Possible reason why password usage rules are such a mess

Phillip Hallam-Baker phill at hallambaker.com
Sat Nov 21 23:21:39 EST 2020


On Thu, Nov 19, 2020 at 2:56 PM Kent Borg <kentborg at borg.org> wrote:

> On 11/19/20 2:46 AM, Phillip Hallam-Baker wrote:
>
> Sure, nobody leaves the front door open on the password file any more. But
> breaches occur regularly and the password files leak...
>
> You are optimizing for a very specific case:
> (1) A site uses password hashes,
> (2) for passwords that are allowed to be long,
> (3) and are honored in their entire length*,
> (4) is broken into and they don't tell me,
> (5) the breakin doesn't include general admin powers but just supplies
> that one file,
> (6) the attacker bothers to crack the hash for my password, and
> (7) it does any good for the attacker to have that password.
>
> * Even Linux is willing to let you use long passwords where anything past
> 8 characters is quietly ignored—if you set things up wrong. I've twice
> discovered this where I didn't set it up that way, a system installation
> script did.
>
> If I don't recycle passwords, getting all the way to #7 lets the attacker
> impersonate me only on this one iffy site, which the attacker already has
> some backdoor access to. By insisting on unmanageably long passwords for
> everything, you do avoid this one narrow circumstance.
>

What is a reasonable fee for memorizing a piece of information?

$50?
$100?

If someone wanted to hire me to remember a piece of information, I would
charge them at least $2500. So hell yes, I reuse passwords. I reuse
passwords for assets that DO NOT BELONG TO ME unless I am being paid to
protect them.

I find that the assumptions of technologists tend to be really arrogant at
times. When it comes to security, it is not just a mistake to expect the
user to make an effort, it is almost always unreasonable.

I wrote the HTTP digest authentication spec because I knew there was no way
in heck that users would possibly use a different password for every site
and that was the best I could do with unencumbered technology until the
Diffie-Hellman patent expired.

You have an unacknowledged cost transfer in your proposal. And that is why
it is never going to work. Real users are not going to remember multiple
passwords. We have to stop trying to teach them how to do things properly
and take responsibility. This is our problem to fix, not theirs.



> But there are a lot of ways for people to get security wrong; by the time
> they let their password data leak you need to assume things are very
> broken.
>
> What makes you think there is any hashing going on at a random site?
>
As I said, as the user, I have no way of auditing the site. So yes, I
assume that some don't even hash.

> I have a large collection of plain-text passwords that have publicly
> leaked, where did I get those? That doesn't smell like hashing to me. Why
> do so many sites have password length and severe password content
> restrictions? That doesn't smell like hashing to me.
>
While the origin of the restrictions is almost certainly stupidity, there
is plenty of cargo cult implementation as well. We know that special
characters actually weaken most user selected passwords because they
effectively reduce them by one character. The obvious way to respond to
such stupidity is to stick either 1 or 1! on the end as necessary to meet the
idiot requirement. So while I accept the premise...

> By telling people that every password has to be unmanageably long, you are
> effectively discouraging people from using difficult passphrases when it
> really does matter: for encryption.
>

I am saying we need to abolish memorized passwords as a means of site
authentication and we have the means to empower the user to do just that.

Provide the user with a Web browser on every one of their devices that can
fill any form with a username and password pulled from an end-to-end secure
vault and they can use a different, strong password for every single site.
And they are very likely to do so because this will be the easiest thing
for them to do.

Additional security can be provided by adding a second factor (biometric,
memorized PIN) to access the vault.