[Cryptography] passwords, or not
Kent Borg
kentborg at borg.org
Tue Apr 6 13:17:48 EDT 2021
On 4/5/21 10:28 PM, John Denker via cryptography wrote:
> To avoid sending passwords over the wire, use zero-knowledge
> password proofs. Such things have been around since 1992.
> https://en.wikipedia.org/wiki/Zero-knowledge_password_proof
> An intelligent discussion of the issues is here:
> https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/
>
> Why not just incorporate this into browsers?
I really like the idea of not sending passwords over the wire, and I
like the idea of incorporating zero-knowledge proof support into
browsers to make that easier.
> Everybody I know uses some sort of wallet.
I do, too.
> Moving from "password wallet" to "zero-knowlege proof agent" is
> a very small step. The complexity, from the user's point of view,
> is the same. The UI (if done right) is essentially the same.
The "if done right"-part concerns me, and I worry others' concept of
"right" might be a blunder dressed in "We solved it!" enthusiasm.
For my password manager I choose to have things be very manual. I have
to decide to enter a password: I have to type (or paste) it. I don't
want the every website I am near to automatically unlock for me. I want
to decide to log into my Amazon account or not. (I will frequently click
on something that lands me at Amazon and it is none of their business it
is me unless I decide so. Why delete cookies if they are constantly
being rebuilt?) More importantly I want to only be logged into financial
sites if I choose so.
I am very worried about the security of password managers. (Are they
immune to that malady that hits all other software: Bugs? No!) I want to
limit the risk of having bugs, and limit the severity when (not if) they
come up.
Limiting the likelihood and number of bugs: Simpler password manager.
Fewer features.
Limiting the severity of the bugs that do exist: Keep it isolated. Do
not have it talking directly to web browsers and other programs. Not
automated, always a manual decision—including a logically necessary
manual step—to unlock anything.
But heck, I'm weird, I don't want my car to unlock just because I am
near it either. I want to decide to unlock and start my car. (Though I
don't want automatic sudo privileges, I don't want automatic ssh
privileges, go figure.)
So yes, have browsers implement zero knowledge proofs for logins, but
let me still manually supply it with my copy of the secret, do not make
me use some "full-featured" keysafe, and do /not/ do me any favors by
keeping any copies of any of my secrets.
-kb, the Kent who wants to reduce the surface area.
P.S. My Linux desktop, when I mount an encrypted volume, wants to keep a
copy of the passphrase until I logout (which happens infrequently), or
even keeo it forever. I always have to remember the extra click to say
"No, dammit, don't keep my passphrase." Seems to defeat much of the
point of encrypting a volume if it will automatically decrypt when
plugged into the nearest computer. Reducing the really good security of
a Linux encrypted disk to innumerable additional risks, all for
dangerous convenience.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210406/2eb26f3e/attachment.htm>
More information about the cryptography
mailing list