[Cryptography] Passwords (Smallest feasible work factor today?)
Ray Dillinger
bear at sonic.net
Wed Sep 14 02:28:02 EDT 2022
On 9/13/22 14:22, Ralf Senderek wrote:
>
>> But nobody looking through my stuff would ever see a
>> key there, nor know how to combine these objects to make the key, nor
>> know how to use it as a key.
>
> This approach sounds almost like "security by obscurity", because if
> you'd open-source your pencil-and-paper encryption then surely your
> ordinary things would not look so innocent. How secure would your method
> be, if the thief can get his hands on your ciphertexts and has the
> knowledge *how* to derive an (unknown) key?

You know when security by obscurity absolutely works?

When only one person ever needs to know the secret. Sort of flies in
the face of "open-source" anything, but to make this approach work every
last person using it has to individually decide what hand cipher they
use, with which variations and parameters, what objects their particular
key comprises, and how to combine those objects to get a key.

Know when solving a hand cipher is really, really really hard?

When both the input and the output are high-entropy strings
indistinguishable from noise. Like dice-generated passwords or the
encrypted forms of dice-generated passwords. Even if I were using the
simplest cipher in the world - one that you could easily solve due to
frequency analysis if it were applied to written language - there'd be
no way to tell except to brute-force against all possible keys.

So, having never actually spoken it out loud nor written about it in
more than extremely vague terms, I am quite certain that the undisclosed
method here is just as secure a secret as the undisclosed key.
>
> The problem starts when you *use* your password. All benefits of your
> "low tech" approach are lost once you enter your special password to do
> something on an electronic platform. Even if it is used to decrypt an AES
> encrypted file only, your password is exposed to all those risks that you
> tried to avoid with your low tech attempt.
>

No. Any password once entered is exposed to the same risks as any
password that has been entered on that electronic platform. The risks
I'm attempting to avoid with the low-tech approach are those associated
with the password management device itself.

We enter passwords into devices that run invisible code made by people
who can be bribed or coerced or malicious, on circuits we can't even see
let alone easily comprehend and read, also made by people who can be
coerced or bribed or malicious, made of components whose manufacturers
can be coerced or bribed or malicious, and assembled into products by
people who can be coerced or bribed or malicious. Or any of these people
even with the best of intent can just accidentally make exploitable
mistakes.

That entire universe of people you have to trust for the operation of
any electronic device are scattered across dozens of countries, many of
which work at cross purposes in information security, many of which lack
any laws (or any enforcement of laws) encouraging trustworthy behavior,
several of which are known to actively work to steal secrets and happily
willing to bribe or coerce their manufacturers and suppliers into helping.

Finally the more any electronic device is made and used, the greater the
aggregate value of an exploit against it. That increases the number and
power of powerful actors who will not allow all those people we have to
trust, to behave in a trustworthy way. Significant market penetration
GUARANTEES that it is worth someone's effort and money to bribe or
coerce someone somewhere in the ecosystem of people we have to trust. Or
makes it more worthwhile for someone to invest significant resources
into finding and exploiting flaws introduced by others.

MOST IMPORTANT POINT: This applies to key management devices exactly
the same way it applies to the rest of our horribly insecure information
infrastructure. There's no reason to believe they're immune to the
problem unless they're so simple that it is not possible for them to
HAVE the problem.

It is true that the *REST* of the system will still leak like a sieve.
But at least there are feasible alternatives to worrying about the
security of the password management device itself.

Bear
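
The point above about hand ciphers on high-entropy input, as an added example that is not part of the original post. A shift cipher stands in for the "simplest cipher in the world" (an assumption; the post names no cipher), and the sentence, seed and passwords are constructed inputs.

```python
import random
import string

A = string.ascii_lowercase
# Approximate English letter frequencies in percent, a..z.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
           0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
           2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def shift(text, key):
    """Shift cipher over a-z (assumed stand-in cipher); decrypt with -key."""
    return "".join(A[(A.index(c) + key) % 26] for c in text)

def chi_squared(text):
    """Distance of the letter counts from English; lower is more English-like."""
    n = len(text)
    return sum((text.count(c) - n * f / 100) ** 2 / (n * f / 100)
               for c, f in zip(A, ENGLISH))

def guess_key(ciphertext):
    """Frequency-analysis attacker: key whose decryption looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift(ciphertext, -k)))

def hit_rate(plaintexts, rng):
    """Fraction of messages for which the attacker recovers the true key."""
    hits = 0
    for p in plaintexts:
        k = rng.randrange(26)
        hits += guess_key(shift(p, k)) == k
    return hits / len(plaintexts)

# Constructed inputs. The fixed seed only makes the run reproducible;
# real passwords would come from dice, not from a seeded PRNG.
rng = random.Random(2022)
SENTENCE = ("the risks i am attempting to avoid with the low tech approach are "
            "those associated with the password management device itself"
            ).replace(" ", "")
PASSWORDS = ["".join(rng.choice(A) for _ in range(20)) for _ in range(1000)]

def demo():
    """Return (hit rate on English text, hit rate on random passwords)."""
    return hit_rate([SENTENCE] * 50, rng), hit_rate(PASSWORDS, rng)

if __name__ == "__main__":
    english, noise = demo()
    print(f"key recovered: English {english:.0%}, "
          f"random passwords {noise:.1%} (blind guess: {1/26:.1%})")
```

On the random passwords the attacker's guess is independent of the key, so the hit rate stays near 1 in 26, and only a test against whatever the password unlocks can confirm a candidate.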