[Cryptography] Low-tech password safe was: Passwords (Smallest feasible work factor today?)

Wed Sep 14 04:26:04 EDT 2022

On Tue, 13 Sep 2022, Ray Dillinger wrote:

> You know when security by obscurity absolutely works?
> When only one person ever needs to know the secret. 

> Know when solving a hand cipher is really, really really hard?
>
> When both the input and the output are high-entropy strings indistinguishable 
> from noise.
> So, having never actually spoken it out loud nor written about it in more 
> than extremely vague terms, I am quite certain that the undisclosed method 
> here is just as secure a secret as the undisclosed key.

So for the sake of argument let's assume that your low-tech password safe
is perfect.
The essential point is the use-case of your special passwords.
After roughly two minutes the special password is decrypted by hand and
is written on a piece of paper.

I wrote:
>>  All benefits of your "low tech" approach are lost once you enter
>>  your special password to do something on an electronic platform.
>>  [...], your password is exposed to all those risks that you tried
>>  to avoid with your low tech attempt.
And I still don't see what additional security you get when the password
is then enterd into our "insecure information technology".

You replied:
> No.  Any password once entered is exposed to the same risks as any password 
> that has been entered on that electronic platform. The risks I'm attempting 
> to avoid with the low-tech approach are those associated with the password 
> management device itself.
>
> We enter passwords into devices that run invisible code made by people who 
> can be bribed or coerced or malicious, on circuits we can't even see let 
> alone easily comprehend and read, also made by people who can be coerced or 
> bribed or malicious, made of components whose manufacturers can be coerced or 
> bribed or malicious, and assembled into products by people who can be coerced 
> or bribed or malicious. Or any of these people even with the best of intent 
> can just accidentally make exploitable mistakes.
>
> That entire universe of people you have to trust for the operation of any 
> electronic device are scattered across dozens of countries, many of which 
> work at cross purposes in information security, many of which lack any laws 
> (or any enforcement of laws) encouraging trustworthy behavior, several of 
> which are known to actively work to steal secrets and happily willing to 
> bribe or coerce their manufacturers and suppliers into helping.
>
> Finally the more any electronic device is made and used, the greater the 
> aggregate value of an exploit against it. That increases the number and power 
> of powerful actors who will not allow all those people we have to trust, to 
> behave in a trustworthy way. Significant market penetration GUARANTEES that 
> it is worth someone's effort and money to bribe or coerce someone somewhere 
> in the ecosystem of people we have to trust. Or makes it more worthwhile for 
> someone to invest significant resources into finding and exploiting flaws 
> introduced by others.
>
> MOST IMPORTANT POINT:  This applies to key management devices exactly the 
> same way it applies to the rest of our horribly insecure information 
> infrastructure. There's no reason to believe they're immune to the problem 
> unless they're so simple that it is not possible for them to HAVE the 
> problem.

I certainly don't assume that an electronic password safe is exempt from
these risks. Certainly not. But an attacker that is after your password
does not need to break into your castle and steal your metal box, because
once you *actually use* your password there are all the usual exploits
available to the attacker.

> It is true that the *REST* of the system will still leak like a sieve. But at 
> least there are feasible alternatives to worrying about the security of the 
> password management device itself.

But if you recommend this as a better password manager its security
vanishes when being used.

     -ralf