<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 4/5/21 10:28 PM, John Denker via
cryptography wrote:<br>
</div>
<blockquote type="cite"
cite="mid:26dc2532-36f9-c7e6-12a6-e6aed3bdc1ed@av8n.com">
<pre class="moz-quote-pre" wrap="">To avoid sending passwords over the wire, use zero-knowledge
password proofs. Such things have been around since 1992.
<a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/Zero-knowledge_password_proof">https://en.wikipedia.org/wiki/Zero-knowledge_password_proof</a>
An intelligent discussion of the issues is here:
<a class="moz-txt-link-freetext" href="https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/">https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/</a>
Why not just incorporate this into browsers?</pre>
</blockquote>
<p>I really like the idea of not sending passwords over the wire,
and I like the idea of incorporating zero-knowledge proof support
into browsers to make that easier.<br>
</p>
<br>
<blockquote type="cite"
cite="mid:26dc2532-36f9-c7e6-12a6-e6aed3bdc1ed@av8n.com">
<pre class="moz-quote-pre" wrap="">Everybody I know uses some sort of wallet.</pre>
</blockquote>
<p>I do, too.</p>
<p><br>
</p>
<p>
</p>
<blockquote type="cite"
cite="mid:26dc2532-36f9-c7e6-12a6-e6aed3bdc1ed@av8n.com">
<pre class="moz-quote-pre" wrap="">Moving from "password wallet" to "zero-knowlege proof agent" is
a very small step. The complexity, from the user's point of view,
is the same. The UI (if done right) is essentially the same.</pre>
</blockquote>
<p>The "if done right"-part concerns me, and I worry others' concept
of "right" might be a blunder dressed in "We solved it!"
enthusiasm.</p>
<p>For my password manager I choose to have things be very manual. I
have to decide to enter a password: I have to type (or paste) it.
I don't want the every website I am near to automatically unlock
for me. I want to decide to log into my Amazon account or not. (I
will frequently click on something that lands me at Amazon and it
is none of their business it is me unless I decide so. Why delete
cookies if they are constantly being rebuilt?) More importantly I
want to only be logged into financial sites if I choose so.</p>
<p>I am very worried about the security of password managers. (Are
they immune to that malady that hits all other software: Bugs?
No!) I want to limit the risk of having bugs, and limit the
severity when (not if) they come up.</p>
<p>Limiting the likelihood and number of bugs: Simpler password
manager. Fewer features. <br>
</p>
<p>Limiting the severity of the bugs that do exist: Keep it
isolated. Do not have it talking directly to web browsers and
other programs. Not automated, always a manual decision—including
a logically necessary manual step—to unlock anything.</p>
<p>But heck, I'm weird, I don't want my car to unlock just because I
am near it either. I want to decide to unlock and start my car.
(Though I don't want automatic sudo privileges, I don't want
automatic ssh privileges, go figure.)<br>
</p>
<p><br>
</p>
<p>So yes, have browsers implement zero knowledge proofs for logins,
but let me still manually supply it with my copy of the secret, do
not make me use some "full-featured" keysafe, and do <i>not</i>
do me any favors by keeping any copies of any of my secrets.<br>
</p>
<p><br>
</p>
<p>-kb, the Kent who wants to reduce the surface area.</p>
<p><br>
</p>
<p>P.S. My Linux desktop, when I mount an encrypted volume, wants to
keep a copy of the passphrase until I logout (which happens
infrequently), or even keeo it forever. I always have to remember
the extra click to say "No, dammit, don't keep my passphrase."
Seems to defeat much of the point of encrypting a volume if it
will automatically decrypt when plugged into the nearest computer.
Reducing the really good security of a Linux encrypted disk to
innumerable additional risks, all for dangerous convenience.<br>
</p>
</body>
</html>