Perhaps I shouldn’t comment as I work for a company that makes a password 
manager, and so a critique of your scheme might involve a conflict of interest. 
But with that disclosure in mind, I will go ahead.


On 2015-12-18, at 8:27 AM, Brian Hankey <bhan...@gmail.com> wrote:
> 
> The question we are trying to answer here is how could we all have ultra 
> strong passwords, i.e. “!3AbDEE9eE45DCea”, that are unique for each and 
> every website, email, social media, etc. service that we use but without 
> having to trust any third parties to store them for us protected by a single 
> password (perhaps with 2 factor authentication, hardware key, etc., 
> admittedly), or to use some kind of local password manager that needs to be 
> installed on every device you want to use it on with a local encrypted 
> password file.  Lastly, it should be extremely resistant to rainbow tables if 
> and when one of your passwords is leaked.

The problem you address is certainly real. And a lot of people have looked at 
various approaches over the decades. None, so far, is fully satisfactory. (I 
obviously believe that a well designed password manager is the best solution 
for most people available today, but I do not see them as the long term 
solution.)

One common mistake made in approaching this problem is a failure to look at the 
previous literature. Pretty much every scheme that people new to the problem 
propose has been examined before. If your approach isn’t in wide use, there is 
probably a reason for it.

> The idea is to have a very compact piece of open source code that can run in 
> your browser that would help you to generate nearly unbreakable passwords on 
> the fly every time you need them instead of storing them somehow, or writing 
> them down where other parties may be able to access them.

When I first read this, I thought you were proposing the oft-suggested scheme of

 site password = base64(hash(long-term-secret, site-name))

The fine details of those proposals differ (what encoding, what hash scheme, 
how things truncate, etc.) but the essence is to generate some very strong 
passwords per site/service based on some master password using some hashing 
mechanism.

There are a number of problems with such a scheme:

1. The generated password may not conform to the requirements of the site or 
service.
2. You cannot change the password of a site if, say, there is a breach and you are 
told to change your password.
3. If one of your generated passwords is captured as plaintext (lots of sites 
store things as plaintext), it can be used for trying to crack your long term 
secret, from which they can then reconstruct all of your passwords.

Anyway that is the usual proposal and some of the very major problems with it. 
Most people who come up with variants of that scheme are unaware of the 
problems, and are unaware that this gets reinvented many times a year if my 
passwords stackexchange feed is any clue.

There is (at least) one team that pursued the idea aware of all of the problems 
and tried to mitigate them. Some of their mitigations are quite useful and 
clever (for other things). In my view, they do not come up with a workable 
scheme, but it is good that they tried in a way that acknowledged the threats:


@inproceedings{halderman2005convenient,
        Author = {Halderman, J. Alex and Waters, Brent and Felten, Edward W.},
        Booktitle = {Proceedings of the 14th international conference on World Wide Web},
        Organization = {ACM},
        Pages = {471--479},
        Title = {A convenient method for securely managing passwords},
        Year = {2005}}


Your particular version of the scheme, if I’ve understood the code correctly, 
doesn’t even use a cryptographically secure hashing mechanism. So it has all of 
the problems of the typical proposal and then some more.


> Did somebody else already think of this and do something similar (high 
> probability I guess) - please tell me so I can give credit where credit is 
> due.

I don’t think that Halderman et al. are the first to come up with the idea. I 
certainly recall it being talked about on mailing lists earlier, but my memory 
is fuzzy. But look at their paper for citations and for a full explanation of 
some of the difficulties that need to be overcome to make it work.

I know that I am one of the many, many people who independently came up with the 
scheme, but as I spotted the problems early, I didn’t post/publish it. But this 
has been reinvented many times, and rejected for all of the same reasons. But I 
certainly wouldn’t have been the first.

I have a rule that I’ve found very useful. Every time I come up with a “great 
new idea”, I recognize that in all likelihood the idea is neither great nor 
new. What it means is that I haven’t done my homework.

> Thanks for your time, I look forward to hearing your feedback, good, bad, 
> awful or otherwise.

I’m sorry that this comes across as harsh, but ultimately the “solution” to the 
problems with the general scheme involves doing what a password manager 
ultimately does, and so doesn’t improve upon them.

Cheers,

-j

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
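The three problems with the base64(hash(long-term-secret, site-name)) scheme, shown in code. This is an added example and not code from the thread or from Brian Hankey's proposal; it assumes HMAC-SHA256 as the "hash", a constructed site policy that requires a symbol outside the base64 alphabet, and constructed sample values for the master secret, site and candidate list.

```python
import base64
import hashlib
import hmac
from typing import List, Optional

SYMBOLS = set("!@#$%^&*")   # hypothetical site policy: at least one of these is required

def derive_site_password(master: str, site: str, counter: int = 0, length: int = 16) -> str:
    """The oft-suggested scheme, base64(hash(long-term-secret, site-name)), truncated.
    HMAC-SHA256 stands in for "hash"; a non-cryptographic hash would be strictly worse.
    `counter` is the per-site rotation parameter that a stateless scheme does not have."""
    label = site if counter == 0 else f"{site}#{counter}"
    digest = hmac.new(master.encode(), label.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()[:length]

def meets_policy(password: str) -> bool:
    """Problem 1: base64 output can only contain letters, digits, '+', '/' and '=',
    so a site that insists on a symbol from SYMBOLS rejects every generated password."""
    return any(ch in SYMBOLS for ch in password)

def can_rotate_without_state(master: str, site: str) -> bool:
    """Problem 2: with no per-site state the password is a pure function of
    (master, site), so a "please change your password" request cannot be honoured.
    Adding `counter` fixes that only by making you remember per-site state, which is
    exactly the bookkeeping a password manager does for you."""
    return derive_site_password(master, site) != derive_site_password(master, site)

def confirm_master_from_leak(leaked: str, site: str, candidates: List[str]) -> Optional[str]:
    """Problem 3: one plaintext site password is an offline oracle for the master secret.
    Any candidate master can be checked without touching a server; the one that
    reproduces the leak also reproduces every other site's password."""
    for candidate in candidates:
        if hmac.compare_digest(derive_site_password(candidate, site), leaked):
            return candidate
    return None

if __name__ == "__main__":
    master, site = "correct horse battery", "example.com"   # constructed sample values
    pw = derive_site_password(master, site)
    print("generated:", pw, "meets policy:", meets_policy(pw))
    print("rotatable without state:", can_rotate_without_state(master, site))
    print("with counter=1:", derive_site_password(master, site, counter=1))
    # constructed candidate list standing in for a wordlist the master came from
    print("recovered from leak:", confirm_master_from_leak(pw, site, ["password", "letmein", master]))
```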
