[cryptography] Hi all, would like your feedback on something

Jeffrey Walton noloader at gmail.com
Mon Dec 21 22:49:39 EST 2015


On Mon, Dec 21, 2015 at 10:39 AM, Brian Hankey <bhankey at gmail.com> wrote:
>
>> From: Givon Zirkind <givonne at gmx.com>
>>
>> On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
>>> The problem you address is certainly real. And a lot of people have
>>> looked at various approaches over the decades. None, so far, is fully
>>> satisfactory. (I obviously believe that a well designed password
>>> manager is the best solution for most people available today, but I do
>>> not see them as the long term solution.) One common mistake
>> IMHO, the basic problem [on a meta level] is, that if you put all your
>> passwords [eggs] into one basket, all you have to do is steal the
>> basket.  crack the master password to the password file and you have all
>> the passwords.
>>
>> old school, manually, ppl used to keep a rolodex of which files to look
>> in for the passwords to certain items.  and, passwords would be hidden
>> in those files.  obstensively, the CIA does this with files that need to
>> "disappear".  e.g. keeping a record in the Atomic Energy Commissions
>> files of some covert op.  with a cross reference that tells someone
>> where to find it.  who's going to look through a warehouse of files to
>> find a record?  it's like a needle in a haystack.  if you could
>> implement that electronically, that would probably be the best way to
>> go.  imho.
>
> This particular needle got lost in the haystack of my inbox… very interesting idea.  Do you have any preliminary ideas on how to implement that electronically? I am not sure where to begin.
>

Yeah, its good idea for many users under a number of threat models and
use cases. Its also the reason that, say, Gmail recovery codes that
are printed and sit in a desk drawer are usually OK. The primary
threat is the network attacker, and he/she does not have access to
your desk drawer.

As Gutmann wrote in his book (p. 528):

<QUOTE>
This 1960s perspective of computing is the type of threat model that
some of the password-security guidelines that are in use today were
designed to counter! What’s worse is that even today, decades after
these archaic threat models were employed as the basis for
password-usage guidelines, we’re still fairly consistently giving
users the wrong advice about password security such as “Passwords are
like underwear, change them often” (solving no identifiable problem
but creating several new ones, see “Password Lifetimes” on page 537)
and “Firewalls are useless if passwords are stuck to the monitor with
a Post-it” [9] (phishers are pretty creative but the one thing they
haven’t managed to do yet is reach out of the monitor to read your
Post-it notes, see “Passwords on the Client” on page 577). As Bob
Blakley puts it, “despite the fact that both attacks and losses have
approximately doubled every year since 1992, we continue to rely on
old models that are demonstrably ill-suited to the current reality and
don’t inhibit the ongoing march of failure” [10].
</QUOTE>

Jeff


More information about the cryptography mailing list