[Cryptography] Passwords (Smallest feasible work factor today?)

[Ron Garret]

On Sep 15, 2022, at 2:42 AM, Jerry Leichter <leichter at lrw.com> wrote:

>> The post-it notes all contain the same information: the master password.  The only reason to have more than one is for redundancy.  They are also metaphorical.  I don’t have actual post-it notes.  The physical details of how the master password is backed up is an essential part of the security.  What matters is that *I* know where it is, but no burglar would ever even suspect that there was anything of value there even if they were looking right at it.  It’s analogous to having a key storage box shaped like a rock, except that there is no actual key inside to tell a burglar they’ve found the right rock.  Steganography is very effective in the real world, especially against an adversary that has no reason to suspect that you’re using it (indeed, probably doesn’t even know what steganography is!)
> Ahem.  You do realize that the entire world now knows that you use steganography?

The Crypto list is not exactly the whole world.  But it doesn’t really matter.  I used to run a security company (still do actually, though it has been moribund for a while now).  The fact that I use steganography should come as no surprise to anyone.  (I am reminded of a vignette from the “Batman” television series from the 1960s where the Joker sneaks into the bat cave by stowing away in the trunk of the bat mobile or something like that.  At one point he triumphantly proclaims, “I’ve seen the bat cave!” with the implication that this is some sort of victory for him.  Robin then points out that it is true, he has seen the bat cave, but only from the inside.  He still doesn’t know where it is, which is what matters.)

> You've created an elaborate procedure to protect against an obscure threat

It’s not every elaborate.  It’s just another password manager, one that happens to be implemented simply as an encrypted plain-text file.

And the threat is not obscure.  Weak passwords and re-used passwords are a very real threat.

> - how many times has a random burgler stolen password information?

I saw it happen on Better Call Saul.  So if you want to talk about what the whole world knows…  :-)

> You've made lack of knowledge a part of that elaborate procedure.

Yes.  That is how steganography works.   Lack of knowledge *is* the security model.

> And now ... you've removed that element.

No, I haven’t.  You still don’t know the details of my particular implementation, and those are what matter.

> Yes, you're just as secure as you ever were against a random burgler - me, to, because my passwords are not written down anywhere, even using steganography - but against a targeted attack by someone who knows what they are doing?

Let’s not lose the plot here.  We are talking about alternative implementations of password managers.  The baseline is an app written by a third party, which opens up as many attack surfaces as it closes.  Ray suggested a locked box of 3x5 cards.  As Ray has taken pains to point out in this discussion on more than one occasion, the actual *use* of the stored passwords is not a factor here.  That is just a risk that you have no choice but to take on in today’s world.  The best you can do is choose strong passwords, and use a different one for each application.  Multiple strong passwords are impossible to memorize (at least for me).  *That* is the problem being addressed here, not the weaknesses of passwords in general.  In a perfect world we would not be using passwords at all, but alas.

> (Knowing what I now know, if I wanted your master password, the first thing I would do is secrete some cameras around your house and watch you carry out your procedure.)

Yeah, good luck with that.  Remember, I *have* actually memorized the master password because I use it all the time.  Your best bet is not to attack my steganography, mainly because the master password by itself is of no value.  You need the encrypted file too.  If you want to try to compromise my security you are much more likely to succeed by shoulder surfing me while I actually *use* my system rather than trying to attack the backup storage of the master password.  But before you put a lot of effort into that you should consider that I am obviously aware of this possibility and so I might have good reason to believe that you are unlikely to succeed (and that I might have good reason not to go into detail about the basis of my confidence in this regard).  Shoulder surfing is *always* a risk even without my particular password management scheme.

rg