1 |
On Thu, Feb 14, 2019 at 12:32 AM Rich Freeman <rich0@g.o> wrote: |
2 |
> > > On Wed, 6 Feb 2019 04:28:49 +0800, Mark David Dumlao wrote: |
3 |
> > > |
4 |
> > >> My own solution is actually very simple. I have a "secret algorithm" |
5 |
> > >> that incorporates several secrets with a predictable way to generate a |
6 |
> > >> site-specific secret. The end result is a 100% predictable way to |
7 |
> > >> generate unique passwords for every site that are cryptographically |
8 |
> > >> secure from each other (you cannot derive |
9 |
> > >> one from the other) which can be generated by any device using the |
10 |
> > >> appropriate tools. |
11 |
> I just stumbled on lesspass which seems to be such a tool for |
12 |
> algorithmic password generation (lesspass.com). |
13 |
|
14 |
Great tool. Good to know there are those that think alike. One |
15 |
important point though is that in my "version", the user has to |
16 |
completely know a secure algorithm (which is where all the security |
17 |
comes from), with a managed tool this is only feasible for technical |
18 |
users (or at least technical past a certain level). A version of |
19 |
lesspass that allows users to view and customize the secret-generation |
20 |
algorithm would be much more secure. |
21 |
|
22 |
Or another way to put it might be: if an attacker knows that you're |
23 |
using lesspass, then the only encryption they have to break is that on |
24 |
your master password, so your security is only as strong as your |
25 |
master password. On the other hand, if an attacker knows that I am |
26 |
using an algorithm-generating technique, they need to break both the |
27 |
master secret AND the algorithm, which could have vastly more entropy |
28 |
than the master secret itself. |
29 |
|
30 |
> |
31 |
> Some thoughts regarding this approach: |
32 |
> |
33 |
> 1. Remembering the right "site name" for every site might be tricky - |
34 |
> sites change names/URLs and you won't have any database to search. |
35 |
|
36 |
In my personal practice, not a problem. In practice you always |
37 |
remember the old site name for any common enough site. If you don't, |
38 |
you reset the password to the new site name. |
39 |
|
40 |
> 2. The solution does allow incremental counters for sites, but of |
41 |
> course that is basically state and it looks like they have a way to |
42 |
> sync this somewhere, but of course that means having a cloud sync |
43 |
> infrastructure and that info could get compromised (doesn't include |
44 |
> the passwords themselves). |
45 |
|
46 |
Also not an issue for me in practice. In practice you also remembr |
47 |
which sites forced you to change passwords, since they're pretty much |
48 |
the only ones in that class. |
49 |
|
50 |
> 3. Master password complexity probably matters more than for |
51 |
> something like Lastpass/KeepassX. With traditional password managers |
52 |
> you need the database plus you need to crack the master password (or |
53 |
> get it some other way). With a purely algorithmic approach you can |
54 |
> probably guess at all the parameters other than the master password, |
55 |
> so anybody can try to crack you without stealing any data at all, |
56 |
|
57 |
This is an issue for lesspass, because the only secret is the master |
58 |
password. This is not an issue for algorithmic approaches in general, |
59 |
because the algorithm is part of the secret. Every which way that you |
60 |
choose to encode the intermediary steps in my example above is also |
61 |
part of the secret, because none of those can be guessed from the |
62 |
resulting password. |
63 |
|
64 |
As an example, encoding "madumlao@×××××.com" as the site-specific |
65 |
identifier would give a completely different password than |
66 |
"gmail:madumlao" or "madumlao@gmail" or "madumlao+gmail", etc. And |
67 |
that hasn't yet counted any peppering which influences intermediary |
68 |
hashes. |
69 |
|
70 |
That being said, any system that depends on a master password had |
71 |
better be goddamned secure. In fact, my email account - which is a |
72 |
resetting point for basically all services - is exempt from my |
73 |
password algorithm and uses some ridiculously long secret. Likewise, |
74 |
your keepass / lesspass secrets should probably be some insane |
75 |
paranoid level secret that themselves don't come from keepass / |
76 |
lesspass and their alternatives. |
77 |
|
78 |
> 4. I'm not sure how straightforward it would be to change |
79 |
> passwords/etc. If you have 100 sites, you'd have to remember what |
80 |
> password you used for what site, or change them all at once. Again, |
81 |
> the stateless approach has its downsides as passwords are not |
82 |
> stateless from the standpoint of the remote sites. |
83 |
|
84 |
Actually the generation approach is massively simpler since the |
85 |
passwords themselves don't matter. If you don't like your secret, are |
86 |
not sure which iteration a site is, are not sure if a site used an old |
87 |
or new secret, etc, you can trigger a password reset on most services |
88 |
and force it to use the current generated password. You can update any |
89 |
passwords on an as-needed basis to always use the current generated |
90 |
iteration. |
91 |
|
92 |
> If you do increment passwords, well, now you just introduced state |
93 |
> back in, and the "stateless" solution isn't really so. |
94 |
> |
95 |
> Password incrementing is an issue for any algorithmic solution - you |
96 |
> need to be able to remember which password version is in use on what |
97 |
> site. |
98 |
|
99 |
If you're talking about remembering the iteration counter for a |
100 |
particular site, well, yes you have to store state somewhere. But |
101 |
consider: |
102 |
1 very strong secret + remember that these 3 or 4 sites are on iteration X |
103 |
|
104 |
is a LOT less headspace than |
105 |
4+ independent strong secrets |
106 |
|
107 |
and I'm pretty sure most people have logins on more than 4 sites. |
108 |
|
109 |
If literally the only state you need to know about a site is the Nth |
110 |
iteration, I wouldn't mind cloud providers knowing that because they |
111 |
can't do anything about that number. |