1 |
On Wed, Feb 13, 2019 at 12:12 PM Mark David Dumlao <madumlao@×××××.com> wrote: |
2 |
> |
3 |
> On Thu, Feb 14, 2019 at 12:32 AM Rich Freeman <rich0@g.o> wrote: |
4 |
> > I just stumbled on lesspass which seems to be such a tool for |
5 |
> > algorithmic password generation (lesspass.com). |
6 |
> |
7 |
> Great tool. Good to know there are those that think alike. One |
8 |
> important point though is that in my "version", the user has to |
9 |
> completely know a secure algorithm (which is where all the security |
10 |
> comes from), with a managed tool this is only feasible for technical |
11 |
> users (or at least technical past a certain level). A version of |
12 |
> lesspass that allows users to view and customize the secret-generation |
13 |
> algorithm would be much more secure. |
14 |
|
15 |
Maybe. Here is the problem with this: |
16 |
|
17 |
If you just give the user a choice of one of several secure algorithms |
18 |
to use, then basically all you're doing is adding a few more bits of |
19 |
entropy to the mix. You also have to deal with vulnerabilities in any |
20 |
algorithm your software uses, and not just the one you picked. |
21 |
|
22 |
If you instead let the user code their own algorithm, then while this |
23 |
increases complexity, it also makes it easy for users to shoot |
24 |
themselves in the feet with an insecure algorithm. |
25 |
|
26 |
I think it would make more sense for users to focus on more robust |
27 |
master keys than to rely on security by obscurity with an algorithm |
28 |
that doesn't benefit from peer review. |
29 |
|
30 |
|
31 |
> > 2. The solution does allow incremental counters for sites, but of |
32 |
> > course that is basically state and it looks like they have a way to |
33 |
> > sync this somewhere, but of course that means having a cloud sync |
34 |
> > infrastructure and that info could get compromised (doesn't include |
35 |
> > the passwords themselves). |
36 |
> |
37 |
> Also not an issue for me in practice. In practice you also remembr |
38 |
> which sites forced you to change passwords, since they're pretty much |
39 |
> the only ones in that class. |
40 |
|
41 |
Sure, assuming you don't regularly change your passwords everywhere. |
42 |
I'm not sure that this is as important with manager-generated |
43 |
passwords, but it is a consideration. |
44 |
|
45 |
> Likewise, |
46 |
> your keepass / lesspass secrets should probably be some insane |
47 |
> paranoid level secret that themselves don't come from keepass / |
48 |
> lesspass and their alternatives. |
49 |
|
50 |
While any master password should be secure, the algorithmic approaches |
51 |
suffer more, IMO. With something like Keepass or Lastpass you need |
52 |
both the database and the master password to do an attack. Now, with |
53 |
lastpass anybody with the master password can obtain the database from |
54 |
the cloud, but they're going to throttle attacks or lock the account |
55 |
after so many failures, and you have nothing to crack offline. |
56 |
Lastpass would be vulnerable to intruders stealing the database of |
57 |
course, which then reduces the difficulty of an attack to the same as |
58 |
something like Lesspass. |
59 |
|
60 |
> |
61 |
> > 4. I'm not sure how straightforward it would be to change |
62 |
> > passwords/etc. If you have 100 sites, you'd have to remember what |
63 |
> > password you used for what site, or change them all at once. Again, |
64 |
> > the stateless approach has its downsides as passwords are not |
65 |
> > stateless from the standpoint of the remote sites. |
66 |
> |
67 |
> Actually the generation approach is massively simpler since the |
68 |
> passwords themselves don't matter. If you don't like your secret, are |
69 |
> not sure which iteration a site is, are not sure if a site used an old |
70 |
> or new secret, etc, you can trigger a password reset on most services |
71 |
> and force it to use the current generated password. You can update any |
72 |
> passwords on an as-needed basis to always use the current generated |
73 |
> iteration. |
74 |
|
75 |
The problem with "as-needed" is that you have to remember which |
76 |
accounts use which master password. That sounds simple until you have |
77 |
100 different accounts. My password manager has a huge number of |
78 |
accounts in it. Granted, some of those are more disposable than |
79 |
others, but keep in mind that everything from the local burger chain |
80 |
to your bank has a password these days. Either that, or it supports |
81 |
something even worse like Facebook authentication. I'm all for SSO, |
82 |
but not ones locked into a single provider, and especially not |
83 |
Facebook. |
84 |
|
85 |
|
86 |
> > Password incrementing is an issue for any algorithmic solution - you |
87 |
> > need to be able to remember which password version is in use on what |
88 |
> > site. |
89 |
> |
90 |
> If you're talking about remembering the iteration counter for a |
91 |
> particular site, well, yes you have to store state somewhere. But |
92 |
> consider: |
93 |
> 1 very strong secret + remember that these 3 or 4 sites are on iteration X |
94 |
> |
95 |
> is a LOT less headspace than |
96 |
> 4+ independent strong secrets |
97 |
|
98 |
Sure, but I'm mostly comparing altorithmic password managers to |
99 |
database-based ones. In neither case are you remembering hundreds of |
100 |
passwords. |
101 |
|
102 |
> |
103 |
> and I'm pretty sure most people have logins on more than 4 sites. |
104 |
> |
105 |
> If literally the only state you need to know about a site is the Nth |
106 |
> iteration, I wouldn't mind cloud providers knowing that because they |
107 |
> can't do anything about that number. |
108 |
> |
109 |
|
110 |
It still means having a need to sync state, that was my main point. |
111 |
If it were truly stateless you wouldn't need any kind of cloud sync at |
112 |
all, and I think most would agree that would be an objective benefit. |
113 |
However, here we still have the need to maintain a cloud account, have |
114 |
devices that sync to it, and a need to keep that data backed up less |
115 |
that cloud provider shut down without warning. |
116 |
|
117 |
I think we're mostly on the same page though. |
118 |
|
119 |
-- |
120 |
Rich |