Re: password-free SSH was Re: [ot] Security of my bit coin wallet
On 11/15/17 21:50, James wrote: > On Wed, Nov 15, 2017 at 3:06 PM, Gareth Nelson> wrote: >> Use key-based authentication? >> > > Okay, but that doesn't fit the requirement. > I want something iteratively password free. > AFAIK, somewhere along the line in key-based authentication you need > to enter a password to unlock the key. You can generate passphrase-less ssh keys. It would probably be wise to set up some some sort of authentication for the device that holds your private key(s), but you do log on to your machine in order to start working, don't you? I find the rest of the message a bit hard to follow, but I suspect you may be unaware that features functionally very close to what you describe actually exist, and are documented in the man pages for the software you mention in this last message. (And not top-posting would help follow the discussion a lot - a rant about that and a couple of other things can be had at[1] for those in need). [1] https://bsdly.blogspot.com/2011/02/problem-isnt-email-its-microsoft.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: password-free SSH was Re: [ot] Security of my bit coin wallet
> On Wed, Nov 15, 2017 at 3:06 PM, Gareth Nelsonwr= > ote: > > Use key-based authentication? > > > > Okay, but that doesn't fit the requirement. > I want something iteratively password free. > AFAIK, somewhere along the line in key-based authentication you need > to enter a password to unlock the key. > The context of this email is a password-free SSH. (blank passwords do > not count as password-free) > > What I want to find is a crypto mechanism that allows the use of no > passwords, but with the same guarantees of key-based authentication. > > So my thoughts are that to start with something similar to Diffie > Hellman operating at the network layer, you could generate keys when > you wanted to communicate after an initial round of set up. > > You wouldn't establish faith in the security of the connection until > proof was given that you are talking to the right host, and you could > get higher or lower levels of proof. Something functioning like the > Sieve of Eratosthenes. > > For example. you just use one known fact from the network layer. a > beacon. ntp even. Each communication point in the network, remember > this is a recursive solver, would have different ping time to the > beacon over a large number of pings, or to be able to express the > confidence that this host is who it says it is. Each node has a > complete and different view. In this way you could "push" > Diffie-Hellman to the network layer. > > I think it's similar in flavour to a blockchain, but it would > eliminate the need to use passwords when speaking the protocol and > establish some sort of reality to host mapping. Remember we can never > actually verify anything in the internet due to MITM. We can just > increase our probability of success while decreasing the attack > surface for dictionaries. > > What do you think? Sorry, I don't see a diff in your email. Oh are you just talking? If you were serious you would stop mixing terminology together and build it.
Re: password-free SSH was Re: [ot] Security of my bit coin wallet
On Wed, Nov 15, 2017 at 3:06 PM, Gareth Nelsonwrote: > Use key-based authentication? > Okay, but that doesn't fit the requirement. I want something iteratively password free. AFAIK, somewhere along the line in key-based authentication you need to enter a password to unlock the key. The context of this email is a password-free SSH. (blank passwords do not count as password-free) What I want to find is a crypto mechanism that allows the use of no passwords, but with the same guarantees of key-based authentication. So my thoughts are that to start with something similar to Diffie Hellman operating at the network layer, you could generate keys when you wanted to communicate after an initial round of set up. You wouldn't establish faith in the security of the connection until proof was given that you are talking to the right host, and you could get higher or lower levels of proof. Something functioning like the Sieve of Eratosthenes. For example. you just use one known fact from the network layer. a beacon. ntp even. Each communication point in the network, remember this is a recursive solver, would have different ping time to the beacon over a large number of pings, or to be able to express the confidence that this host is who it says it is. Each node has a complete and different view. In this way you could "push" Diffie-Hellman to the network layer. I think it's similar in flavour to a blockchain, but it would eliminate the need to use passwords when speaking the protocol and establish some sort of reality to host mapping. Remember we can never actually verify anything in the internet due to MITM. We can just increase our probability of success while decreasing the attack surface for dictionaries. What do you think? Cheers, James > On Wed, Nov 15, 2017 at 2:38 PM, James wrote: >> >> On Wed, Nov 15, 2017 at 10:42 AM, Raul Miller >> wrote: >> > Assumption is invalid. Flaws are widely documented (e.g. fixed >> > supply). Probably wrong list, also. >> > >> >> Ok a little more on topic then. SSH. >> >> How would you secure SSH without a password, iteratively password - free? >> a blank password does not count as password-free. >> >> My motivation is turn the internet upside down. >> >> Does any current crypto mechanism come to mind? >> >> A possible example is the use of Diffie-Hellman at the network layer >> to identify hosts. I think that would be password-free. >> >> >> > Thanks, >> > >> > -- >> > Raul >> > >> >> Thanks, >> James >> >> >> >> > On Wed, Nov 15, 2017 at 8:46 AM, James wrote: >> >> While a little off topic it is security related so I hope you don't >> >> mind. >> >> >> >> This is the misc list, right? >> >> >> >> Assumption 1. >> >> bitcoin is a secure protocol without flaws. >> >> >> >> quote from >> >> https://github.com/bitcoinbook/bitcoinbook/blob/second_edition/ch01.asciidoc >> >> >> >> With these keys they can sign transactions to unlock the value and >> >> spend it by transferring it to a new owner. Keys are often stored in a >> >> digital wallet on each user’s computer or smartphone. Possession of >> >> the key that can sign a transaction is the only prerequisite to >> >> spending bitcoin, putting the control entirely in the hands of each >> >> user. >> >> >> >> >> >> Is the security of a bitcoin wallet ultimately determined by it's >> >> password? >> >> The way I see it If an attacker had access to my computer, the only >> >> thing protecting access to the wallet would be a password or some >> >> iteration of a password scheme, if not mine than a centralized server >> >> of trust somewhere, but eventually someone has a password that is used >> >> to, unlock a bitcoin. Is that correct reasoning or are there >> >> alternatives? >> >> >> >> Thanks, >> >> James >> >> >> >
Re: password-free SSH was Re: [ot] Security of my bit coin wallet
Use key-based authentication? On Wed, Nov 15, 2017 at 2:38 PM, Jameswrote: > On Wed, Nov 15, 2017 at 10:42 AM, Raul Miller > wrote: > > Assumption is invalid. Flaws are widely documented (e.g. fixed > > supply). Probably wrong list, also. > > > > Ok a little more on topic then. SSH. > > How would you secure SSH without a password, iteratively password - free? > a blank password does not count as password-free. > > My motivation is turn the internet upside down. > > Does any current crypto mechanism come to mind? > > A possible example is the use of Diffie-Hellman at the network layer > to identify hosts. I think that would be password-free. > > > > Thanks, > > > > -- > > Raul > > > > Thanks, > James > > > > > On Wed, Nov 15, 2017 at 8:46 AM, James wrote: > >> While a little off topic it is security related so I hope you don't > mind. > >> > >> This is the misc list, right? > >> > >> Assumption 1. > >> bitcoin is a secure protocol without flaws. > >> > >> quote from https://github.com/bitcoinbook/bitcoinbook/blob/ > second_edition/ch01.asciidoc > >> > >> With these keys they can sign transactions to unlock the value and > >> spend it by transferring it to a new owner. Keys are often stored in a > >> digital wallet on each user’s computer or smartphone. Possession of > >> the key that can sign a transaction is the only prerequisite to > >> spending bitcoin, putting the control entirely in the hands of each > >> user. > >> > >> > >> Is the security of a bitcoin wallet ultimately determined by it's > password? > >> The way I see it If an attacker had access to my computer, the only > >> thing protecting access to the wallet would be a password or some > >> iteration of a password scheme, if not mine than a centralized server > >> of trust somewhere, but eventually someone has a password that is used > >> to, unlock a bitcoin. Is that correct reasoning or are there > >> alternatives? > >> > >> Thanks, > >> James > >> > >
password-free SSH was Re: [ot] Security of my bit coin wallet
On Wed, Nov 15, 2017 at 10:42 AM, Raul Millerwrote: > Assumption is invalid. Flaws are widely documented (e.g. fixed > supply). Probably wrong list, also. > Ok a little more on topic then. SSH. How would you secure SSH without a password, iteratively password - free? a blank password does not count as password-free. My motivation is turn the internet upside down. Does any current crypto mechanism come to mind? A possible example is the use of Diffie-Hellman at the network layer to identify hosts. I think that would be password-free. > Thanks, > > -- > Raul > Thanks, James > On Wed, Nov 15, 2017 at 8:46 AM, James wrote: >> While a little off topic it is security related so I hope you don't mind. >> >> This is the misc list, right? >> >> Assumption 1. >> bitcoin is a secure protocol without flaws. >> >> quote from >> https://github.com/bitcoinbook/bitcoinbook/blob/second_edition/ch01.asciidoc >> >> With these keys they can sign transactions to unlock the value and >> spend it by transferring it to a new owner. Keys are often stored in a >> digital wallet on each user’s computer or smartphone. Possession of >> the key that can sign a transaction is the only prerequisite to >> spending bitcoin, putting the control entirely in the hands of each >> user. >> >> >> Is the security of a bitcoin wallet ultimately determined by it's password? >> The way I see it If an attacker had access to my computer, the only >> thing protecting access to the wallet would be a password or some >> iteration of a password scheme, if not mine than a centralized server >> of trust somewhere, but eventually someone has a password that is used >> to, unlock a bitcoin. Is that correct reasoning or are there >> alternatives? >> >> Thanks, >> James >>
Re: [ot] Security of my bit coin wallet
Assumption is invalid. Flaws are widely documented (e.g. fixed supply). Probably wrong list, also. Thanks, -- Raul On Wed, Nov 15, 2017 at 8:46 AM, Jameswrote: > While a little off topic it is security related so I hope you don't mind. > > This is the misc list, right? > > Assumption 1. > bitcoin is a secure protocol without flaws. > > quote from > https://github.com/bitcoinbook/bitcoinbook/blob/second_edition/ch01.asciidoc > > With these keys they can sign transactions to unlock the value and > spend it by transferring it to a new owner. Keys are often stored in a > digital wallet on each user’s computer or smartphone. Possession of > the key that can sign a transaction is the only prerequisite to > spending bitcoin, putting the control entirely in the hands of each > user. > > > Is the security of a bitcoin wallet ultimately determined by it's password? > The way I see it If an attacker had access to my computer, the only > thing protecting access to the wallet would be a password or some > iteration of a password scheme, if not mine than a centralized server > of trust somewhere, but eventually someone has a password that is used > to, unlock a bitcoin. Is that correct reasoning or are there > alternatives? > > Thanks, > James >
[ot] Security of my bit coin wallet
While a little off topic it is security related so I hope you don't mind. This is the misc list, right? Assumption 1. bitcoin is a secure protocol without flaws. quote from https://github.com/bitcoinbook/bitcoinbook/blob/second_edition/ch01.asciidoc With these keys they can sign transactions to unlock the value and spend it by transferring it to a new owner. Keys are often stored in a digital wallet on each user’s computer or smartphone. Possession of the key that can sign a transaction is the only prerequisite to spending bitcoin, putting the control entirely in the hands of each user. Is the security of a bitcoin wallet ultimately determined by it's password? The way I see it If an attacker had access to my computer, the only thing protecting access to the wallet would be a password or some iteration of a password scheme, if not mine than a centralized server of trust somewhere, but eventually someone has a password that is used to, unlock a bitcoin. Is that correct reasoning or are there alternatives? Thanks, James