[Cryptography] Passwords (Smallest feasible work factor today?)

Ray Dillinger bear at sonic.net
Wed Sep 14 02:28:02 EDT 2022


On 9/13/22 14:22, Ralf Senderek wrote:
>
>> But nobody looking through my stuff would ever see a
>> key there, nor know how to combine these objects to make the key, nor
>> know how to use it as a key.
>
> This approach sounds almost like "security by obscurity", because if
> you'd open-source your pencil-and-paper encryption then surely your
> ordinary things would not look so innocent. How secure would your method
> be, if the thief can get his hands on your ciphertexts and has the
> knowledge *how* to derive an (unknown) key?

You know when security by obscurity absolutely works?

When only one person ever needs to know the secret.  Sort of flies in 
the face of "open-source" anything, but to make this approach work every 
last person using it has to individually decide what hand cipher they 
use, with which variations and parameters, what objects their particular 
key comprises, and how to combine those objects to get a key.

Know when solving a hand cipher is really, really really hard?

When both the input and the output are high-entropy strings 
indistinguishable from noise. Like dice-generated passwords or the 
encrypted forms of dice-generated passwords.  Even if I were using the 
simplest cipher in the world - one that you could easily solve due to 
frequency analysis if it were applied to written language - there'd be 
no way to tell except to brute-force against all possible keys.

So, having never actually spoken it out loud nor written about it in 
more than extremely vague terms, I am quite certain that the undisclosed 
method here is just as secure a secret as the undisclosed key.

> The problem starts when you *use* your password. All benefits of your
> "low tech" approach are lost once you enter your special password to do
> something on an electronic platform. Even if it is used to decrypt an AES
> encrypted file only, your password is exposed to all those risks that you
> tried to avoid with your low tech attempt.
>
No.  Any password once entered is exposed to the same risks as any 
password that has been entered on that electronic platform. The risks 
I'm attempting to avoid with the low-tech approach are those associated 
with the password management device itself.

We enter passwords into devices that run invisible code made by people 
who can be bribed or coerced or malicious, on circuits we can't even see 
let alone easily comprehend and read, also made by people who can be 
coerced or bribed or malicious, made of components whose manufacturers 
can be coerced or bribed or malicious, and assembled into products by 
people who can be coerced or bribed or malicious. Or any of these people 
even with the best of intent can just accidentally make exploitable 
mistakes.

That entire universe of people you have to trust for the operation of 
any electronic device are scattered across dozens of countries, many of 
which work at cross purposes in information security, many of which lack 
any laws (or any enforcement of laws) encouraging trustworthy behavior, 
several of which are known to actively work to steal secrets and happily 
willing to bribe or coerce their manufacturers and suppliers into helping.

Finally the more any electronic device is made and used, the greater the 
aggregate value of an exploit against it. That increases the number and 
power of powerful actors who will not allow all those people we have to 
trust, to behave in a trustworthy way. Significant market penetration 
GUARANTEES that it is worth someone's effort and money to bribe or 
coerce someone somewhere in the ecosystem of people we have to trust. Or 
makes it more worthwhile for someone to invest significant resources 
into finding and exploiting flaws introduced by others.

MOST IMPORTANT POINT:  This applies to key management devices exactly 
the same way it applies to the rest of our horribly insecure information 
infrastructure. There's no reason to believe they're immune to the 
problem unless they're so simple that it is not possible for them to 
HAVE the problem.

It is true that the *REST* of the system will still leak like a sieve. 
But at least there are feasible alternatives to worrying about the 
security of the password management device itself.

Bear
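
An added illustration of the point about high-entropy plaintext (not part of the original message, and not the undisclosed method it mentions). It assumes a Caesar shift as the "simplest cipher" and uniformly random lowercase letters as a stand-in for a dice-generated password; all names are hypothetical.

```python
import math
import random
import string

ALPHABET = string.ascii_lowercase
# Approximate English letter frequencies in percent, a..z.
ENGLISH = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))
UNIFORM = {c: 100 / 26 for c in ALPHABET}  # what a dice-style password looks like

# Constructed sample: adapted from a sentence of the message, lowercased.
ENGLISH_TEXT = ("any password once entered is exposed to the same risks as any "
                "password that has been entered on that electronic platform the "
                "risks i am attempting to avoid with the low tech approach are "
                "those associated with the password management device itself")

def shift(text, key):
    """Caesar shift over a-z; other characters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(c) + key) % 26] if c in ALPHABET else c
                   for c in text)

def chi2(text, model):
    """Chi-squared distance between the text's letter counts and a model."""
    letters = [c for c in text if c in ALPHABET]
    n = len(letters)
    return math.fsum((letters.count(c) - n * model[c] / 100) ** 2
                     / (n * model[c] / 100) for c in ALPHABET)

def rank_keys(ciphertext, model):
    """Score the trial decryption under each of the 26 keys, best fit first."""
    return sorted((chi2(shift(ciphertext, -k), model), k) for k in range(26))

def demo(key=11, seed=2022):
    rng = random.Random(seed)  # fixed seed for a repeatable run; not for real secrets
    password = "".join(rng.choice(ALPHABET) for _ in range(24))
    # English plaintext: frequency analysis singles out the true key.
    recovered = rank_keys(shift(ENGLISH_TEXT, key), ENGLISH)[0][1]
    # Random plaintext: every trial decryption is an equally good fit to
    # "random letters", so the statistic cannot tell one key from another.
    distinct_scores = {score for score, _ in rank_keys(shift(password, key), UNIFORM)}
    return recovered, len(distinct_scores)

if __name__ == "__main__":
    print(demo())
```

With random plaintext the only way to confirm a key guess is to try the resulting password against whatever it unlocks.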