[Discuss] Most common (or Most important) privacy leaks

[Richard Pieri]

On 2/18/2015 3:28 PM, Edward Ned Harvey (blu) wrote:
> They are both secrets, but a password is assumed to be stored in a
> human brain and assumed to contain limited entropy, while an

There's a flaw with this reasoning: a typical password is stored in at
least two places. The first is the human user's brain (or brain
assistance device like a piece of paper). The second is on a computer
somewhere behind the authentication system. It is in the second place
that distinctions between passwords and keys starts to fall apart. It is 
in the second place where password policies are flawed designs.

Simple example: how are Unix and Linux passwords stored? Used to be a
password was encrypted with DES using the password itself as the key and
the first two characters of the login name as the salt. Eventually DES
was replaced with 3DES then MD5 and other secure hash algorithms.
Regardless of the cipher or hash the password is the key for itself.
This is fundamental to how traditional password authentication works
(assuming that passwords aren't left in cleartext).

In principle there is no reason why a Unix or web site password must be 
stored in a human brain (or assistance device). In principle there is no 
reason why it must have limited entropy. In principle there is no reason 
why these passwords cannot be long strings of randomly generated bits.

Forget the perceived dichotomy between passwords and keys. Implement a 
robust, verifiable key chain system that uses long, random bit strings 
of arbitrary length for authentication. Move the security of this system 
into the physical world because while humans are terrible at digital 
security we are good with physical security.

-- 
Rich P.