Re: [p2p-hackers] guidelines for good password policy and maintenance / user centric identity with single passwords (or a small number at most over time)
On 3/27/06, Alen Peacock <alenlpeacock@gmail.com> wrote:
... The overarching theme of the book is that theoretically secure systems with usability problems end up being neither secure (because users subvert them) nor usable.
very true.
Some findings from Chap 7 include the fact that a significant number of users did not comply with instructions for password generation
it is my personal hunch that if users had just one password they needed to remember they could remember a good one. the janus stuff we are working on uses loop-aes volumes specifically so you can store passwords in a browser, store capability URLs, keep accounts and logins in a text file, etc. [i'd love to know of any studies to this end though. i have tried experiments to see just how much entropy i can commit to memory and it is more than enough for a good interactive authentication. i think this is within the ability of most, if they had a desire to do so and understood the benefit.] so the goal is to provide a usable system with a single password, and make it user centric, so that all the other credentials and secrets associated with other digital identities can benefit from this bootstrap (and presumably share this more secure bootstrap).
This approach is certainly commonly done by people for usability. However, the problem is that the best security you get is that of the security provided by the weakest site (i.e., the weakest link in the chain analogy).

As an example, let's say that you use the same password to log in to an online banking site (which really cares about security) and some random dating site (which stores all unencrypted passwords in a big plaintext file on a rootable machine). An adversary trying to break in to your bank account doesn't need to subvert the security of the bank site: he just needs to break into the dating site. No matter how many bits of entropy your password has, you lose.

As a solution developed precisely for this problem, you should check out the pwdhash extension for browsers: http://crypto.stanford.edu/PwdHash/

Enjoy,
--mike
-----
www.michaelfreedman.org
www.coralcdn.org
On 3/27/06, Michael J Freedman <mfreed@cs.nyu.edu> wrote:
... This approach is certainly commonly done by people for usability. However, the problem is that the best security you get is that of the security provided by the weakest site (i.e., the weakest link in the chain analogy).
true; which is why i'd like to see them use a single good password to mount an encrypted volume and secure OS where the rest of the (different*) passwords and PINs and whatever else are kept.
As a solution developed precisely for this problem, you should check out the pwdhash extension for browsers:
this is a handy utility! i'd still be concerned about dictionary attacks on poor passwords (that is, discovering '.848fe29s44j' is the hash for pwned.com and 'secret'.) secure digests make this more expensive but not by much.

* are you aware of any utility for the browser that generates random passwords? i'd like something like this as well, with the idea that the first time you visit the site (or need to change a password) a random password is generated, placed in the input text field, and then the browser password manager remembers it after that point. (and the password db is stored on an encrypted file system to prevent theft).

someone will ask about users who aren't on their machine and need to access a site. i don't like to support this ability because you should never be using an untrusted computer to access a secure site. if the computer is trusted you should also be able to boot from CD and insert your USB storage key (which lets you use your browser password manager).

(actually, looking at the source for PwdHash it appears easy enough to modify for random password generation)

thanks for the tip,
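An added example, not PwdHash's own code, of the scheme the two messages above discuss: a simplified PwdHash-style derivation that keys a per-site password on (master password, domain), so the dating-site breach no longer yields the bank password, together with the check coderman raises, that a leaked per-site password is a verification oracle for guesses at a weak master. The iteration count, the domain names, the master passwords and the tiny word list are all constructed for the example; real PwdHash uses a fast hash rather than PBKDF2.

```python
import base64
import hashlib
import hmac

# Assumed for the example: a slow KDF so that each master-password guess
# against a leaked site password costs a full PBKDF2 run.
ITERATIONS = 200_000


def derive_site_password(master, domain, length=12, iterations=ITERATIONS):
    """Derive a printable per-site password from (master, domain).

    PBKDF2-HMAC-SHA256 with the master as the secret and the (lower-cased)
    domain as the salt: different domains give unrelated passwords, and the
    iteration count is what makes offline guessing of the master expensive.
    """
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.lower().encode("utf-8"), iterations)
    # urlsafe base64 keeps the result typeable in an ordinary password field
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def guess_master_from_leak(leaked_site_pw, domain, candidates, iterations=ITERATIONS):
    """The weakness coderman points at: whoever holds a plaintext per-site
    password can test master candidates against it offline.  Returns the
    candidate that reproduces the leak, or None.  Each test costs one KDF run,
    so the defence is a strong master and a high iteration count, not secrecy
    of the hash function."""
    for cand in candidates:
        derived = derive_site_password(cand, domain, len(leaked_site_pw), iterations)
        if hmac.compare_digest(derived, leaked_site_pw):
            return cand
    return None


if __name__ == "__main__":
    bank = derive_site_password("correct horse battery", "bank.example")
    dating = derive_site_password("correct horse battery", "dating.example")
    print("bank:", bank, "dating:", dating, "distinct:", bank != dating)
    # constructed: a leaked site password derived from a dictionary-word master
    leak = derive_site_password("secret", "pwned.example", iterations=1000)
    wordlist = ["password", "letmein", "secret"]   # constructed stand-in for a dictionary
    print("recovered master:", guess_master_from_leak(leak, "pwned.example", wordlist, 1000))
```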
-----Original Message----- From: coderman Sent: Monday, March 27, 2006 2:05 PM
On 3/27/06, Michael J Freedman <mfreed@cs.nyu.edu> wrote:
... This approach is certainly commonly done by people for usability. However, the problem is that the best security you get is that of the security provided by the weakest site (i.e., the weakest link in the chain analogy).
true; which is why i'd like to see them use a single good password to mount an encrypted volume and secure OS where the rest of the (different*) passwords and PINs and whatever else are kept.
What are your thoughts on using PKI? For example, create private keys (with no passwords) and put them in an encrypted volume. Then use one strong password to unlock your encrypted volume (and thus, unlock your private keys), and then SSH to everywhere else securely. Thus a user need only remember one password to get access to all servers. (And you can individually grant or revoke access to servers by adding/removing the corresponding public key.)

Win32 has 'TrueCrypt', which has a nice feature of auto-unmounting the encrypted volume on suspend/hibernate. Thus even if your laptop gets stolen while hibernated, the private keys aren't compromised. And if your laptop is configured to suspend on the screen closing, they'd need to steal your laptop from you, while it's running, and begin hacking on it before closing the screen. (And in the time someone can mount an offline attack, you can remove the user's corresponding public keys from the servers.)

-david
On 2006-03-27T14:04:55-0800, coderman wrote:
On 3/27/06, Michael J Freedman <mfreed@cs.nyu.edu> wrote:
As a solution developed precisely for this problem, you should check out the pwdhash extension for browsers:
i'd still be concerned about dictionary attacks on poor passwords (that is, discovering '.848fe29s44j' is the hash for pwned.com and 'secret'.) secure digests make this more expensive but not by much.
* are you aware of any utility for the browser that generates random passwords?
Two that are in app-admin/ under gentoo are pwgen and ranpwd. pwgen is neat. It prints out a bunch of passwords and you pick one, so that shoulder surfing doesn't work (unless it's with a camera). It also has an option to generate a password given a seed value (which could be your basic password you might use for PwdHash) and an input file, using sha-1.

I recall a similar program that printed out skey-style many-word passwords. I wish I could remember what it was called. I like those kinds of passwords.

I don't understand why some people are fixated on 8-character passwords, and why they insist on using every character on the keyboard. Compare [:alnum:]{8} -- 47.6 bits of entropy with :alnum: plus punctuation -- 52.5 bits. What kind of threat model might there be where the former is unacceptable while the latter is sufficient? Both provide more than enough security against a casual snoop, particularly when authentication methods go through processes that implement wrong-password delays and/or eventual lock-outs, and when the risk of another attack that provides access to the password file for an offline brute-force attack is minimal. Neither 47 nor 52 bits is nearly enough security to resist serious attacks by serious people with lots of hardware, TLAs, etc.

--
The six phases of a project:
I. Enthusiasm.
II. Disillusionment.
III. Panic.
IV. Search for the Guilty.
V. Punishment of the Innocent.
VI. Praise & Honor for the Nonparticipants.
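An added example (not pwgen or ranpwd) serving both coderman's request for a random password generator and Justin's entropy comparison above: it computes bits of entropy for a character class or word list, sizes a uniformly random password or skey-style passphrase to a target number of bits, and prints several candidates at once the way pwgen does. Python's string.punctuation counts 32 symbols, so the "alnum plus punctuation" figure comes out at 52.4 bits here; the exact value depends on which punctuation set is counted. The word list is a constructed stand-in for a real one.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits        # [:alnum:], 62 symbols
ALNUM_PUNCT = ALNUM + string.punctuation             # plus punctuation, 94 symbols
# constructed: a tiny stand-in for a real word list (a real one has thousands)
WORDS = ["apple", "basalt", "candle", "dune", "ember", "fjord", "glacier", "harbor"]


def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` symbols chosen uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def length_for_bits(alphabet_size, target_bits):
    """Smallest length whose entropy is at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(alphabet, target_bits):
    """Uniform random password with at least target_bits of entropy.
    secrets.choice is a CSPRNG; random.choice is not suitable for passwords."""
    n = length_for_bits(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(n))


def generate_passphrase(words, target_bits, sep=" "):
    """skey-style passphrase: words drawn uniformly, with replacement, from the list."""
    n = length_for_bits(len(words), target_bits)
    return sep.join(secrets.choice(words) for _ in range(n))


def pwgen_style_menu(alphabet, target_bits, count=8):
    """Several candidates at once, so the one chosen is not obvious to a shoulder surfer."""
    return [generate_password(alphabet, target_bits) for _ in range(count)]


if __name__ == "__main__":
    print(f"[:alnum:]{{8}}: {entropy_bits(len(ALNUM), 8):.1f} bits")
    print(f"alnum plus punctuation {{8}}: {entropy_bits(len(ALNUM_PUNCT), 8):.1f} bits")
    print("alnum length needed for 80 bits:", length_for_bits(len(ALNUM), 80))
    print("passphrase (30 bits from an 8-word list):", generate_passphrase(WORDS, 30))
    for cand in pwgen_style_menu(ALNUM, 64):
        print(cand)
```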