| 1 |
On Thu, Feb 14, 2019 at 12:32 AM Rich Freeman <rich0@g.o> wrote: |
| 2 |
> > > On Wed, 6 Feb 2019 04:28:49 +0800, Mark David Dumlao wrote: |
| 3 |
> > > |
| 4 |
> > >> My own solution is actually very simple. I have a "secret algorithm" |
| 5 |
> > >> that incorporates several secrets with a predictable way to generate a |
| 6 |
> > >> site-specific secret. The end result is a 100% predictable way to |
| 7 |
> > >> generate unique passwords for every site that are cryptographically |
| 8 |
> > >> secure from each other (you cannot derive |
| 9 |
> > >> one from the other) which can be generated by any device using the |
| 10 |
> > >> appropriate tools. |
| 11 |
> I just stumbled on lesspass which seems to be such a tool for |
| 12 |
> algorithmic password generation (lesspass.com). |
| 13 |
|
| 14 |
Great tool. Good to know there are those that think alike. One |
| 15 |
important point though is that in my "version", the user has to |
| 16 |
completely know a secure algorithm (which is where all the security |
| 17 |
comes from), with a managed tool this is only feasible for technical |
| 18 |
users (or at least technical past a certain level). A version of |
| 19 |
lesspass that allows users to view and customize the secret-generation |
| 20 |
algorithm would be much more secure. |
| 21 |
|
| 22 |
Or another way to put it might be: if an attacker knows that you're |
| 23 |
using lesspass, then the only encryption they have to break is that on |
| 24 |
your master password, so your security is only as strong as your |
| 25 |
master password. On the other hand, if an attacker knows that I am |
| 26 |
using an algorithm-generating technique, they need to break both the |
| 27 |
master secret AND the algorithm, which could have vastly more entropy |
| 28 |
than the master secret itself. |
| 29 |
|
| 30 |
> |
| 31 |
> Some thoughts regarding this approach: |
| 32 |
> |
| 33 |
> 1. Remembering the right "site name" for every site might be tricky - |
| 34 |
> sites change names/URLs and you won't have any database to search. |
| 35 |
|
| 36 |
In my personal practice, not a problem. In practice you always |
| 37 |
remember the old site name for any common enough site. If you don't, |
| 38 |
you reset the password to the new site name. |
| 39 |
|
| 40 |
> 2. The solution does allow incremental counters for sites, but of |
| 41 |
> course that is basically state and it looks like they have a way to |
| 42 |
> sync this somewhere, but of course that means having a cloud sync |
| 43 |
> infrastructure and that info could get compromised (doesn't include |
| 44 |
> the passwords themselves). |
| 45 |
|
| 46 |
Also not an issue for me in practice. In practice you also remembr |
| 47 |
which sites forced you to change passwords, since they're pretty much |
| 48 |
the only ones in that class. |
| 49 |
|
| 50 |
> 3. Master password complexity probably matters more than for |
| 51 |
> something like Lastpass/KeepassX. With traditional password managers |
| 52 |
> you need the database plus you need to crack the master password (or |
| 53 |
> get it some other way). With a purely algorithmic approach you can |
| 54 |
> probably guess at all the parameters other than the master password, |
| 55 |
> so anybody can try to crack you without stealing any data at all, |
| 56 |
|
| 57 |
This is an issue for lesspass, because the only secret is the master |
| 58 |
password. This is not an issue for algorithmic approaches in general, |
| 59 |
because the algorithm is part of the secret. Every which way that you |
| 60 |
choose to encode the intermediary steps in my example above is also |
| 61 |
part of the secret, because none of those can be guessed from the |
| 62 |
resulting password. |
| 63 |
|
| 64 |
As an example, encoding "madumlao@×××××.com" as the site-specific |
| 65 |
identifier would give a completely different password than |
| 66 |
"gmail:madumlao" or "madumlao@gmail" or "madumlao+gmail", etc. And |
| 67 |
that hasn't yet counted any peppering which influences intermediary |
| 68 |
hashes. |
| 69 |
|
| 70 |
That being said, any system that depends on a master password had |
| 71 |
better be goddamned secure. In fact, my email account - which is a |
| 72 |
resetting point for basically all services - is exempt from my |
| 73 |
password algorithm and uses some ridiculously long secret. Likewise, |
| 74 |
your keepass / lesspass secrets should probably be some insane |
| 75 |
paranoid level secret that themselves don't come from keepass / |
| 76 |
lesspass and their alternatives. |
| 77 |
|
| 78 |
> 4. I'm not sure how straightforward it would be to change |
| 79 |
> passwords/etc. If you have 100 sites, you'd have to remember what |
| 80 |
> password you used for what site, or change them all at once. Again, |
| 81 |
> the stateless approach has its downsides as passwords are not |
| 82 |
> stateless from the standpoint of the remote sites. |
| 83 |
|
| 84 |
Actually the generation approach is massively simpler since the |
| 85 |
passwords themselves don't matter. If you don't like your secret, are |
| 86 |
not sure which iteration a site is, are not sure if a site used an old |
| 87 |
or new secret, etc, you can trigger a password reset on most services |
| 88 |
and force it to use the current generated password. You can update any |
| 89 |
passwords on an as-needed basis to always use the current generated |
| 90 |
iteration. |
| 91 |
|
| 92 |
> If you do increment passwords, well, now you just introduced state |
| 93 |
> back in, and the "stateless" solution isn't really so. |
| 94 |
> |
| 95 |
> Password incrementing is an issue for any algorithmic solution - you |
| 96 |
> need to be able to remember which password version is in use on what |
| 97 |
> site. |
| 98 |
|
| 99 |
If you're talking about remembering the iteration counter for a |
| 100 |
particular site, well, yes you have to store state somewhere. But |
| 101 |
consider: |
| 102 |
1 very strong secret + remember that these 3 or 4 sites are on iteration X |
| 103 |
|
| 104 |
is a LOT less headspace than |
| 105 |
4+ independent strong secrets |
| 106 |
|
| 107 |
and I'm pretty sure most people have logins on more than 4 sites. |
| 108 |
|
| 109 |
If literally the only state you need to know about a site is the Nth |
| 110 |
iteration, I wouldn't mind cloud providers knowing that because they |
| 111 |
can't do anything about that number. |
Archives