My bleak tech reality: You can't trust anyone or anything, anymore

Virtually everything we work with on a day-to-day basis is built by someone else. Avoiding insanity requires trusting those who designed, developed and manufactured the instruments of our daily existence. All these other industries we rely on have evolved codes of conduct, regulations, and ultimately laws to ensure minimum …

COMMENTS

  1. SuccessCase

    "Both these options have their own significant problems. The centralised LastPass store is an unbelievably tempting target for every ne'er-do-well on the planet. Although it is defended by a team of über cyber ninjas, if LastPass should fall, everyone who uses it is screwed."

    Don't know how LastPass works, but previously I have used Passpack, which also uses two-factor authentication. Passpack uses one password to access the service and the second to encrypt your password database locally, using Javascript (so the code is open and inspectable), before uploading it to the server. Therefore the risk of compromise is only on the local machine or, if the Passpack servers are compromised, an extreme brute force attack on the encrypted data blob. The latter is possible but is far from easy, and if it becomes commonplace, then we are in the shit from all directions for all services anyway.

    1. Trevor_Pott Gold badge

      The LastPass hashes live in the cloud. All you have to do is download the client, feed it the password and it will fetch the hashes and install them locally. Your master password is not stored on the LastPass cloud, but a hash of that password is, so that you can authenticate and then download your password information.

      That makes the whole thing a pretty damned tempting target. A hash is almost as vulnerable today as a plaintext password. It's pretty terrifying how quickly a well-trained crypto-cracker can wade through a list of millions of hashes and crack upwards of 95% of them in a few days. We like to ignore it, yet it happens with alarming regularity.

      It doesn't matter if the hashes are stored in a database as hashes in the traditional sense, or an encrypted file filled with password info (which is probably worse, as it's a single attack point). The point is that your information is wrapped up in increasingly easy-to-defeat encryption then stored centrally, alongside everyone else's.

      As to storing them on my local machine being somehow "safe"...tell me, sir, are you 100% positive - willing to bet your finances, your job, your life on the fact - that your local machine is not compromised by malware? If you are then I invite you to please write an article for The Register detailing exactly how you know that. Nothing is really safe, it's just a question of which systems are worth the value to attack.

      1. SuccessCase

        "As to storing them on my local machine being somehow "safe"...tell me, sir, are you 100% positive - willing to bet your finances, your job, your life on the fact - that your local machine is not compromised by malware?"

        Nope... and I haven't anywhere said that.

        And if any children out there think they can ever be safe, I recommend reading about the exploits of Kevin Mitnick in Cyberpunk. It makes a nice bedtime story.

        1. This post has been deleted by its author

      2. Anonymous Coward

        Hashes

        Hashes are much, much more secure when they are salted properly.

        Each hash should use a unique salt.

        This means that for a rainbow table attack, an individual table would have to be generated for each hash. This is very computationally intensive and would make it uneconomical to crack a single password, for the vast majority of use cases.

        Schemes based on this premise are already in wide use. I would hope that LastPass are among them.

        https://en.wikipedia.org/wiki/Bcrypt
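A worked illustration of the point made above, added here and not part of the comment: a precomputed table of unsalted SHA-256 hashes matches a leaked unsalted hash instantly, while a per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256 from Python's standard library stands in for the bcrypt the comment links) leaves that table useless and forces fresh work per record. The password list and user records are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample "common password" list standing in for the precomputed
# table an attacker would carry; real tables hold billions of entries.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "hunter2"]

ITERATIONS = 100_000  # PBKDF2 work factor; bcrypt/scrypt/Argon2 serve the same role


def unsalted_hash(password: str) -> str:
    """The weak scheme: one plain SHA-256 per password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table() -> dict:
    """Lookup table hash -> password. Built once, reusable against every unsalted store."""
    return {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def lookup_unsalted(stored_hash: str, table: dict):
    """Recover a password from an unsalted hash by table lookup: no work per victim."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def store_password(password: str) -> dict:
    """What the server keeps: salt, work factor and derived hash, never the password."""
    salt = os.urandom(16)  # unique random salt per record
    return {"salt": salt, "iterations": ITERATIONS, "hash": salted_hash(password, salt)}


def verify_password(candidate: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = salted_hash(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["hash"])


def lookup_salted(record: dict, table: dict):
    """The same precomputed table misses: it was built without this record's salt."""
    return table.get(record["hash"])


def demo() -> dict:
    table = precomputed_table()
    # Unsalted: an identical password gives an identical, table-matchable hash.
    weak = unsalted_hash("letmein")
    # Salted: two users with the same password get different records.
    alice = store_password("letmein")
    bob = store_password("letmein")
    return {
        "unsalted_recovered": lookup_unsalted(weak, table),
        "salted_table_hit": lookup_salted(alice, table),
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "alice_verifies": verify_password("letmein", alice),
        "alice_rejects_wrong": verify_password("hunter2", alice),
    }
```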

        1. Anonymous Coward

          PATRIOT

          Actually, if LastPass are using individual salting, then this is about the best protection a person can expect from PATRIOT snooping.

          LastPass cannot know your passwords. If requested, they can only give up the hashes that they store. The US Gov would then have to go to extra effort to retrieve the actual security credentials. Individual salts make that largely not worth the effort.

          Just a single character salt means that around 200 rainbow tables would have to be generated in order to crack a single password.

          I suppose you could choose to only store hashes in the LastPass system, and add another layer of encryption with individual salts, secured by a different secret that only you control or see. I'm sure some software could be written to layer on top of the LastPass app to do this automatically.

          1. Trevor_Pott Gold badge

            Re: PATRIOT

            You say "200 rainbow tables would have to be generated" like this was a barrier of some variety. I don't think you comprehend just how mind-bogglingly huge the compute resources of US.gov are.

            1. Charles 9
              Black Helicopters

              Re: PATRIOT

              Even as huge as the resources of US.gov are, there ARE physical limitations. Barring an exploit, a large collection of individually-salted credentials would take more time and energy than the human race can currently exploit. Further along, you run out of mass and energy on the PLANET, and we're not even close to ready to exploit extra-planetary mass and energy resources.

              Put it this way. As much as people believe there's a black helicopter for everyone, consider the cost of building one, then multiply by the number of people in the country, then factor in the available US budget, which IS finite and having some debt issues.

              1. Trevor_Pott Gold badge

                Re: PATRIOT

                Again, you go back to "brute forcing is a measure of the crackability of a cypher." It's proven not to be true. Rainbow tables combined with knowledge about how people choose and create passwords can make cracking even the best algorithm's encryption relatively easy. Will you ever get 100% of the items you are trying to crack? No. You'll walk through 90%+ with ease.

                I don't think you really truly understand what a yottabyte datacenter is. I don't think you understand the raw scale of the decryption they can do in a facility like that. Not through brute forcing, but through other, simpler means.

  2. nuked
    Unhappy

    Good article.

    I do wonder how we got into the position whereby our leaders, or moreover, the people behind our leaders care so little about the privacy and rights upon which most of our nations were founded.

    Sad times.

    1. Cucumber C Face
      Childcatcher

      >how we got into the position whereby our leaders, or moreover, the people behind our leaders care so little about the privacy and rights upon which most of our nations were founded.<

      Because the media and Lumpenprole demand the sacrifice of freedom for security from pedo-drug dealer-turrorist-tax avoiders.

    2. Gray
      Boffin

      Fear, mostly ...

      Boil it down, then distill the vapors therefrom, and one arrives at a simple fact: governments live in fear of their people. The follow-on fact: it is absurdly easy for a fearful government to incite fear in their people, of other people. All else is a by-product.

  3. itzman

    Nothing is secure

    But if you want to get as close as possible, simply don't use online passwords at all.

    And certainly not third party repositories of them.

    I don't have mobile devices. If I want to log into my bank, I do it from one location behind a firewall over an HTTPS connection.

    I have my own mail server. My mail is not held on anyone else's, bar the fact that it is in fact a VPS, so fleetingly before it gets downloaded to my own personal mail system it might be visible.

    Maybe my home server is less secure than a professionally maintained cloud. Maybe the fact that it's inaccessible from the internet means it is in fact far, far more secure. Ditto my desktop machine. Short of burgling the house I don't see how anyone could get at the data.

    I am the sysadmin they warned me about. You want secure and you want trust? If you can't trust yourself, who can you trust?

    The internet will never be secure. Too many random people have root access to too many machines. Use it sparingly, fleetingly and assume that in the limit, whatever you put out there is 100% available for someone else's scrutiny, and that someone, you can't trust.

    100% security and trust you can't do. But anyone who wanders around with their data and means to access that data on a portable device deserves to lose it. Ditto if it is on someone else's cloud.

    And, frankly, one person's private data on a couple of machines at a residential address is hardly a tempting target for the hacker.

    1. AndrueC Silver badge
      Thumb Up

      Re: Nothing is secure

      The internet will never be secure.

      Very true but something increasingly being forgotten. Inevitable really. The longer you've been using it the more you accept it as part of life and become blasé. I use it a lot but I'm technical (going back to 1982) and although it's important to me - it's still a separate resource. I still have the mentality that when I'm going online I'm going somewhere different and I modify my behaviour accordingly.

      The internet remains - for me - something that I do rather than something that I am and that encourages me to be protective of my personal information. But that's just me. It's a viewpoint that seems to be becoming less common and therein lies a major problem.

    2. Flywheel

      Re: Nothing is secure

      "And, frankly, one person's private data on a couple of machines at a residential address is hardly a tempting target for the hacker"

      Unless that person happens to be [insert name of head of nation/MP/security service here]. Okay so Cameron lives at Number 10, but our MPs all have private addresses.

    3. Anonymous Coward

      @ itzman

      Your VPS's hypervisor is not an MTA. However, as it relays the network packets it could feasibly capture the plaintext from the SMTP communication.

      You could enable SSL on SMTP for your mail server to help guard against this.

  4. MiniMatt

    Biometrics?

    What are the possibilities for widespread, and reliable, biometrics?

    Whipping out a smartphone or keyfob every 5 minutes is indeed a pain. Whipping out an eyeball every five minutes, less so. Really need to rephrase that last sentence.

    Also, thanks for scaring the bejesus out of me re OSI layers. I've been preaching a mere 7 of the buggers all this time.

    1. J P

      Re: Biometrics?

      Biometrics are fine until someone manages to replicate your verification data. I'm reasonably good at thinking up new passwords; I'm less good on replacement eyeballs.

      1. Michael Wojcik Silver badge

        Re: Biometrics?

        Biometrics are fine until someone manages to replicate your verification data.

        Or decides your data is worth getting control of the original source - that is, your body. I'd rather have someone get illegitimate access to, say, my bank accounts by defeating a password system than by threatening me with bodily harm. But perhaps that's just me.

        In general, the problem with biometrics is that several of the failure modes are tremendously expensive for the authorized user.

        1. btrower

          Re: Biometrics?

          Biometrics are fine until someone loses an eye.

  5. Anonymous Coward

    Any service that can hand you back a password you stored will not store hashes - it has to store passwords using a reversible encryption. Thereby if the system is compromised, the attacker will have your passwords, not their hashes....

    1. Ru

      Thereby if the system is compromised, the attacker will have your passwords, not their hashes

      If the key required to decrypt those passwords is not stored by that service, a breach of the service provider's systems need not be immediately catastrophic. A reasonably designed system need not involve any more risk than you might be exposed to if you lost a load of encrypted data. I couldn't tell you whether Lastpass counts as 'reasonably designed' or not, mind you.

      1. Charles 9

        You ever seen all these recent articles about malware hiding in government installations for nearly a decade? The best malware stays silent and hidden, eavesdropping on network activity and then secretly sending off its results. If malware sneaks onto the LastPass system, it can just listen for the credentials being passed online (and since it's at an endpoint, it's a point where it could avoid encrypted channels and hear a means of obtaining unencrypted credentials - either the user's master password or his master key).

  6. DS 1

    Old Problem - getting fat now

    What you see is the explosion. It's happened before. This was how computing islands exploded, and how in fact things like Novell and MS AD came about - computing structures combined under single sign-on. There are single sign-on entities out there, OneLogin for example. As Trevor cites however, never before has such a system inherently been so attackable, or breakable by state forces. In the modern world, I'll pointedly state that as much as Trevor cites the US gov, this by extension today also seems to mean anything the US can do - China and others like to play as well.

    So much so, I think that much of this is very wrong. The attractiveness of the cloud is over-riding security to an extent that each of us has to have a reality check. Are you willing to write off security in exchange for this? Maybe you are, maybe you are not. You can run tightly controlled closed internal networks. If you prize security, then each of us has choices to make.

    The equipment available means your own closed private networks can be done. And they were not so cheap to do.

    1. Mike 16

      US DHS has some advantage over China PLA

      Although I suppose the PLA _could_ extort your private info out of Google and the like by imprisoning Larry and Sergei until they knuckle under, it's a whole lot easier for US entities to do so. All espionage (or crime, or business) is subject to benefit/cost analysis. Unless you are doing something that makes it worthwhile for the malefactor to target you, you don't need to outrun the bear. Some malefactors get great discounts on operations within their own countries. Some give/get "friends and family" discounts too (NZ, UK, USA).

  7. Neil Barnes Silver badge
    Holmes

    Of course, things could be so much simpler

    If all the pointless password-protected, must-log-in-to-use sites realised that, for all practical purposes, a cookie would work just as well.

    So many sites require registration that it's practically impossible to remember username/password combinations, and very few of them actually require this for anything other than user tracking.

    1. nuked

      "...a cookie would work just as well"

      Are you suggesting that this would be as secure, or more so, than a password?

      1. Richard IV

        Re: "...a cookie would work just as well"

        No he isn't. He's suggesting that the data protected by a password on many sites often isn't worth protecting to that level.

        Does knowing "I am the same person that viewed your site last Tuesday" merit the creation of a username and password? The presence of a cookie is just as good a discriminator for tracking purposes as requiring a login.

    2. Tom Maddox Silver badge
      Thumb Down

      Re: Of course, things could be so much simpler

      And what if you log in from a different device or browser?

      1. Neil Barnes Silver badge

        Re: Of course, things could be so much simpler

        How many times does it matter if you log in from a different browser?

        If you're moving money around, you need at a minimum a strong password and ideally a two-factor system. But practically every other function where a registration is required to use a service doesn't actually need one. You need a short-term token to say you're still the same person who started the process, but there's no need for *any* site to store your payment details; hence no need for user-facing security and no need for registration.

        I need registration to prove I'm authorised to write this on El Reg, but does it really matter if I have to do it again when I get home and use a different machine? My point is that there are far too many sites which require registration for no good reason.

        1. Anonymous Coward

          Re: Of course, things could be so much simpler

          Sites require registration because they need to know who you are. This is how they make money and offer you free services.

          In reality there's no simple fix to the problem of security and trust. A possible mitigation would be a <shudder>standard</shudder> for password structure. Part of the problem is the large number of different password rules. Most people could probably cope with one complex password. The trouble comes when that doesn't meet the rules for every site.

      2. Anonymous Coward

        @ Tom Re: Of course, things could be so much simpler

        "And what if you log in from a different device or browser?"

        Use a sync service such as Firefox Sync. Not a problem for me.

  8. Anonymous Coward

    Lastpass crypto

    To say Lastpass stores your password hashes is a bit disingenuous; it stores the result of three separate SHA256 hashing operations.

    Lastpass in your BROWSER concatenates your email and your password (PW) together, then generates a SHA256 hash; this is your encryption key (EK).

    The BROWSER plugin takes your EK and concatenates this with your PW, then generates a SHA256 hash; this is your authentication token (AT).

    Your browser passes this to Lastpass to authenticate.

    Your AT is then concatenated with a UNIQUE 256-bit random number ID (LPID) generated and stored by Lastpass at account creation; this is hashed with SHA256 to produce a unique string (US), which Lastpass compares to the US it stored with your LPID and encrypted password store.

    Lastpass do receive the AT during authentication, but they never store it; only the result of the AT+LPID SHA256 hash is stored.
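The three-hash scheme exactly as the comment above describes it, written out as an added example (this is not LastPass's own code; plain byte concatenation of the hex digests and the sample account are assumptions here): the client derives EK and AT, the server keeps only LPID and US, and a dump of the server's store contains neither AT nor EK.

```python
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def derive_encryption_key(email: str, password: str) -> str:
    """Client side: EK = SHA256(email || PW). Stays in the browser (assumed concatenation)."""
    return sha256_hex(email.encode() + password.encode())


def derive_auth_token(ek: str, password: str) -> str:
    """Client side: AT = SHA256(EK || PW); this is what the browser sends to authenticate."""
    return sha256_hex(ek.encode() + password.encode())


class VaultServer:
    """Server side as described: per account it stores LPID and US, never AT or EK."""

    def __init__(self):
        self.accounts = {}  # email -> {"lpid": ..., "us": ...}

    @staticmethod
    def unique_string(auth_token: str, lpid: str) -> str:
        """US = SHA256(AT || LPID)."""
        return sha256_hex(auth_token.encode() + lpid.encode())

    def create_account(self, email: str, auth_token: str, lpid: str = "") -> str:
        # LPID: a 256-bit random value generated once at account creation
        # (passing one in explicitly is only for reproducible testing).
        lpid = lpid or os.urandom(32).hex()
        self.accounts[email] = {"lpid": lpid, "us": self.unique_string(auth_token, lpid)}
        return lpid

    def authenticate(self, email: str, auth_token: str) -> bool:
        """Recompute US from the presented AT and the stored LPID; AT is then discarded."""
        record = self.accounts.get(email)
        if record is None:
            return False
        return hmac.compare_digest(self.unique_string(auth_token, record["lpid"]), record["us"])

    def stored_values(self, email: str) -> dict:
        """Everything a breach of the server would expose for this account."""
        return dict(self.accounts[email])


def client_login(server: VaultServer, email: str, password: str) -> bool:
    """What the browser plugin does: derive EK locally, send only AT."""
    ek = derive_encryption_key(email, password)
    return server.authenticate(email, derive_auth_token(ek, password))


def demo() -> dict:
    server = VaultServer()
    email, password = "user@example.invalid", "correct horse battery staple"  # constructed
    ek = derive_encryption_key(email, password)
    at = derive_auth_token(ek, password)
    server.create_account(email, at)
    exposed = server.stored_values(email)
    return {
        "login_ok": client_login(server, email, password),
        "wrong_pw_rejected": client_login(server, email, "wrong password"),
        "at_in_server_store": at in exposed.values(),
        "ek_in_server_store": ek in exposed.values(),
    }
```

The vault itself (the AES-encrypted blob decrypted locally with EK, mentioned further down the thread) is not modelled here.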

    1. Trevor_Pott Gold badge

      Re: Lastpass crypto

      Whatever the handwaving, the end result is that your passwords are encrypted and stored in the LastPass cloud. When I download the client to a new computer and log in with my LastPass master password I instantly have access to my full database of passwords on that new computer. I can log in to anything I want.

      That means that there is enough information on the LastPass cloud to reconstitute my username and password for every single website I have stored in there. There may be layers to the encryption, but encryption can be - and is - broken. I'm sure you're next going to trot out some obscenely long period of time it takes to brute force whichever set of algorithms were chosen. Let me save you the trouble.

      You know and I know that encryption and password hashes both are rarely brute forced anymore. There are about eleventy squillion techniques ranging from the humble dictionary attack to pseudo-brutes using "common patterns" combined with various advanced dictionaries that will solve the overwhelming majority of decryption tasks. Brute forcing is rarely ever necessary.

      In a lot of ways, LastPass is even more vulnerable than a simple database of hashes because of the vulnerability of that master password. The Master Password has to be something a human can remember in order for the system to work. So even if the encrypted container/hashes/what-have-you on the lastpass side can't be bruted, the master password is highly vulnerable and thus so is everything it protects.

      Look, I'm not bashing LastPass here. I wouldn't use it unless it kicked ass. It's probably the best defence we currently have. It is, however, not remotely perfect. If nothing else, it is vulnerable to the feds. They could walk through the LastPass defences like a hot knife through butter if they wanted to and there isn't a damned thing anyone can do about it.

      So long as enough information exists in a cloud service stored on United States soil to reconstitute my passwords enough to log in to online services then those passwords - and everything they are meant to protect - belong to the United States government as surely as if I had written it all down on a sheet of A4 and left it in my pocket whilst crossing the border.

      1. Anonymous Coward

        Re: Lastpass crypto

        I know you're not knocking the lastpass service; it's just that the information presented on how the service works is incorrect, that's all.

        I'm also not going to harp on about the n trillion years it takes to brute force a particular algorithm, as I know the goalposts are always shifting in that respect, and actually I agree the weak point in any protection scheme is always going to be the master password.

        If you follow the information I posted on how lastpass works you'd see that there isn't enough information on the lastpass site to reconstruct your master password.

        Also the passwords for your websites the lastpass service stores are not hashes; they are stored in one monolithic blob using the AES256 symmetric encryption algorithm, and the decryption of your password blob is done locally in your browser by the plugin.

        This discussion is actually moot as the target webserver (not lastpass) is usually the point of compromise; your password there IS hashed and is frequently hashed with weak SHA1 or MD5, which are functionally broken.

        Therefore the feds/government/organised crime are more likely to go after the soft targets first.

        1. Anonymous Coward

          Suggestion

          Additionally, in the LastPass system, there could be some concept of authorising a new device (similar to Firefox sync). Put a certificate on the device once it is authenticated.

          There could be a second password to allow this that wouldn't be needed on a daily basis and therefore could be more secure without becoming unusable.

  9. Eugene Crosser

    yubico

    @trevor and all interested should take a look at yubico's products. They are primarily designed to work with LastPass-alikes, but can be used without relying on a third-party cloud service. They are rather open (implement standards, most of the accompanying software is open source), which, to some degree, can solve the trust issue. I use their token to log into my machines locally, using challenge-response mode and an open source PAM module.

    I am not affiliated with them, just an enthusiastic user.

  10. Anonymous Coward

    Policing users

    Whether anyone likes it or not, ISPs are going to have to start policing their users. It's not like they don't have the capability to perform packet inspection, and identify the ssh brute force attacks, and the site flooding attacks etc, etc.

    Instead we live in a world where ISPs sit back claiming they're not responsible for the activities of their users, most of them ignore completely reports of abuse (I'm not even sure why many of them bother having an abuse email address, they certainly don't bother reading emails sent to them), and responsibility for the security of sites (and therefore the users of those sites) which are under constant attack is left up to the site admins, and users are exposed to multiple risks from multiple sources targeting them via multiple vectors.

    The only long term solution is stopping attacks (as many as possible) at source. Maybe the ITU could piss away their time coming up with regulation to make 'anti-attack policing of users' an ISP responsibility, instead of dicking around with who controls IP addresses. Yeah I know, but it's good to dream....

    1. Charles 9

      Re: Policing users

      So how do the ISPs perform packet policing when their users increasingly use end-to-end encrypted channels like SSL? Or worse, encrypted-by-design networks like Tor, i2p, and Freenet? How do you DPI an encrypted packet?

  11. Captain Hogwash

    Interesting article

    This bit caught my eye in particular:

    "End users buy into marketing campaigns designed to make us feel as though we are somehow suspicious and guilty for worrying about such things."

    Yet they lap up dystopian fiction in the form of novels, films and TV series which lay bare all the reasons why they should be worrying about such things. It's almost as though some attempt has been made to infantilise them and stop them thinking about anything much more than entertainment. I wonder if there's anything about this in 'My Documents'.

    1. btrower

      Re: Interesting article

      @Captain Hogwash

      Re: "It's almost as though some attempt has been made to infantilise them and stop them thinking about anything much more than entertainment."

      This is effectively true, but I am honestly not sure why/how. It may be that the majority of the Bell Curve is truly unable to understand the issues. Certainly only a very small percentage have a very deep appreciation of the issues. Also, in my experience, even very intelligent and motivated people have trouble understanding much about PKI, among other things. The tortured X.509 spec would seem to indicate that even the inventors of half this stuff lack a reasonable understanding.

    2. Anonymous Coward

      Re: Interesting article

      "Yet they lap up dystopian fiction in the form of novels, films and TV series"

      Exactly. It's just a movie so can't possibly happen. And if you think it can, you're a conspiracy nut.

      I'd never considered this angle before, and I've no idea if it's been constructed on purpose. But it's quite clever.

  12. Anonymous Coward

    Deterministic Password Generators

    An alternative is deterministic password generators, which mean your passwords are never stored, not even their hashes. They are available from as many devices as the author of the tool supports. Still, if you are entering 100 passwords a day, they could be cumbersome.
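An added example, not taken from any particular generator, of what such a tool does: a site password is derived from the master secret, site name, username and a rotation counter with PBKDF2, expanded through an HMAC stream into the site's allowed character set without modulo bias, and re-derived on demand rather than stored anywhere. The character set, composition policy and sample inputs are assumptions.

```python
import hashlib
import hmac
import string

# Assumed character set and composition policy; real sites vary.
SYMBOLS = "!@#$%^&*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
PBKDF2_ROUNDS = 100_000


def meets_policy(password: str) -> bool:
    """Assumed policy: at least one lowercase, uppercase, digit and symbol."""
    return (any(c.islower() for c in password) and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password) and any(c in SYMBOLS for c in password))


def _byte_stream(key: bytes):
    """Expand a key into an unbounded stream of bytes: HMAC-SHA256(key, block index)."""
    index = 0
    while True:
        yield from hmac.new(key, index.to_bytes(4, "big"), hashlib.sha256).digest()
        index += 1


def _render(key: bytes, length: int, charset: str) -> str:
    """Map bytes onto the charset with rejection sampling so every symbol is equally likely."""
    limit = 256 - (256 % len(charset))  # bytes >= limit would bias the modulo; discard them
    chars = []
    for b in _byte_stream(key):
        if b < limit:
            chars.append(charset[b % len(charset)])
            if len(chars) == length:
                return "".join(chars)


def site_password(master_secret: str, site: str, username: str,
                  counter: int = 0, length: int = 20, charset: str = ALPHABET) -> str:
    """Derive the password for one account. Nothing is stored: the same inputs always
    give the same output, and bumping `counter` rotates the password."""
    for attempt in range(64):
        # The label binds site, username, rotation counter and retry attempt into the salt,
        # so a different site or counter yields an unrelated key.
        label = f"{site}\x00{username}\x00{counter}\x00{attempt}".encode()
        key = hashlib.pbkdf2_hmac("sha256", master_secret.encode(), label, PBKDF2_ROUNDS)
        candidate = _render(key, length, charset)
        if meets_policy(candidate):
            return candidate
    raise ValueError("could not satisfy the password policy with this charset")


def demo() -> dict:
    master = "correct horse battery staple"  # constructed sample master secret
    first = site_password(master, "example.invalid", "alice")
    return {
        "password": first,
        "reproducible": site_password(master, "example.invalid", "alice") == first,
        "rotated_differs": site_password(master, "example.invalid", "alice", counter=1) != first,
        "site_differs": site_password(master, "other.invalid", "alice") != first,
    }
```

The master secret and the label inputs must be present in memory at derivation time, which is the exposure the reply below points at.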

    1. Charles 9

      Re: Deterministic Password Generators

      But you'd still need the necessary credentials to pass into the procedural generator in order to reconstitute the password. If that information is smaller than the hash technique, it isn't worth it since they'll just try to retrieve the procedure parameters and then reconstruct the algorithm (likely through disassembly—and the procedure must be in memory for it to work, so there's no guaranteed way to hide it).

  13. btrower

    A few notes

    Good article. The first step to solving a problem is to recognize it exists.

    The discussion about hashes gives me the willies. I know there are some places where raw hashes are used to authenticate passwords and to the extent that it is possible to get those hashes, they offer no security at all. In recent times, though, I have not seen unsalted hashes. Salted hashes move the vulnerability back to the random store and that is often not too strong either. However, the need for (and difficulty of obtaining) a good random store is well known in the security community and this is certainly improving.

    Security as we know it is likely gone. A concerted attack by a strong adversary is likely to succeed. There are a few things we can do about this. The first and most important is to change legislation such that ill-gotten information cannot be used. A second thing is to reduce what is required to an absolute minimum. When you go for a loan now, they pull credit bureau files with a ton of personal information. If, instead, they were obliged to go to your proxy, the proxy could insist that only the creditworthiness of the entity applying for the loan would be provided and that the proxy would indemnify against any default. In that scenario they only need to know that the credit is a 'go' and where to send the money. In a naive scenario (not even this data would be known in a practical system), you buy a car and the only thing the bank needs to know is the name of the dealer and the fact that the loan is good. They do not even have to know your name.

    As of this point in time, most data is being held and transmitted in the clear. This allows attackers to determine which data streams to attack. That needs to change. We need to move to a culture where everything is encrypted such that source and destination and the size and the nature of the transmission cannot be determined by snooping the line (including side-channel attacks), the origin, the source or the nature of the transmission.

    True security against a well armed attacker may well be impossible. However, more than reasonable security against most attackers is entirely possible. One of the reasons my paranoid self believes this is true is because the establishment that controls things insists on keeping key sizes down, insists on a woefully insecure network and still is madly attempting to create legislation to force intermediaries like ISPs to reveal 32-bit IP address-user pairs, to enforce weak encryption and to outlaw attempts to circumvent their own encryption.

    Although I would not get too cocky about it, I expect a system with multi-megabyte key sizes using several different types of PK encryption, conventional encryption, unconventional encryption (i.e. added custom cyphers), nested salts, nested encryption, decoys and steganography, strong pseudo pads, etc would be secure against any direct attack on the encryption. This is not available to non-programmers, but it is certainly available to a significant subset of programmers.

    1. The Commenter formally known as Matt

      Re: A few notes

      A few notes on your notes

      Some of your notes went over my head but here's what I got:

      Your idea of loan proxies is effectively what a bank does at the moment. I lend my money to the bank (or they buy it on the money markets); they lend it to borrowers. I get a small return, the bank gets a much bigger one. I don't get to know who borrowed my money, but neither do I take the risk of an individual borrower going bust. (And if they all go bust then the Government covers the risk. And if the government goes bust then I have bigger worries than losing a few thousand of what is now a worthless currency.)

      When you ask a lender for a loan the reason they get all that personal information is they use it to determine how risky they think you are. Each bank has a different idea of what makes someone risky and so the algorithm they use is different for every lender. They don't want anyone 'working the system' or copying their (obviously superior) algorithm so it is kept very, very secret. Banks have different risk appetites and like a mixture of different risk levels. If you lend with zero risk then your return is minimal; for this reason banks would never go for exclusively using a proxy as they couldn't make enough money.

      > As of this point in time, most data is being held and transmitted in the clear

      Source? Depends what you are talking about I guess. If you mean credit bureau to bank then I don't have personal knowledge but would be very surprised if this was true. If you are talking websites then most I use on a regular basis are https.

      > the establishment that controls things insists on keeping key sizes down, insists on a woefully insecure network and still is madly attempting to create legislation to force intermediaries like ISPs to reveal 32 bit IP addresses-user pairs, to enforce weak encryption and to outlaw attempts to circumvent their own encryption.

      Who do you mean by the establishment? If you mean the Govt then, here in the UK at least, they seem to take it seriously. Pen testing for externally facing systems, GSI for emails, USB device ban other than encrypted devices. All laptops encrypted. Constant training on how to not leave sensitive info on the train. etc etc

      > enforce weak encryption

      I haven't heard of anyone trying to do this. Yes, in the UK, a Judge can force you to hand over your encryption keys (and yes the law is broken) but they haven't forced anyone to use crappy encryption.

      > outlaw attempts to circumvent their own encryption

      Are we talking Govt or private industry here? Yes they have DRM, no I don't like it, but from their point of view the west makes less physical goods and more IP so the IP needs to be protected to keep our economy going (If the IP holders decide to pay tax of course!)

      > This is not available to non-programmers, but it is certainly available to a significant subset of programmers.

      Then create a project/product. Make it user-friendly and shout to everyone why they need it!

      1. btrower

        Re: A few notes

        Notes on your notes on my notes :)

        Re: Your idea of loan proxies is effectively what a bank does at the moment.

        No. The bank acts on their own behalf, not mine. Instead, I would like to see the data custodian acting as a fiduciary *on my behalf only* and for every other one of the hundreds of other entities holding data on me to have only that which they absolutely need to deliver the particular service. Unless you are engraving a name plate, you don't need my name.

        The promiscuity of data is more dangerous to individuals than they realize. The fact that anyone even thought to ask for people's facebook passwords as a condition of employment in the United States is cause for alarm. They could not ask for it if it effectively did not exist.

        Re: Government

        The Government is part of the problem. Governments appear to universally overreach their authority until stopped. They are, in my opinion, way, way, way beyond their legitimate boundaries. Blinding data and storing with a strong supra national proxy agent is an avenue to fixing that problem.

        Re: the reason they get all that personal information is they use it to determine how risky they think you are

        So they say. However, they do not expunge that data once they have made the determination. If you can give them the determination without the data, then there is not much they can say. An indemnified 'yes' to a loan will be picked up by somebody.

        Re: algorithm ... is kept very, very secret

        Maybe, but since I am one of the people who has actually designed and built an engine to replace human adjudicators it is not rocket science (as I am not a rocket scientist).

        Re: data is being held and transmitted in the clear

        It effectively is. HTTPS is not secure if sites are using self-signed certificates. If they are, then they are open to a man-in-the-middle attack. Websites routinely (really) have self-signed certificates. Control over data is astonishingly lax. It is getting better due to privacy laws, at least here in Canada, but it is still not great. To the extent that they can make money by transmitting or misusing information, they still do to an alarming extent. I remember being in a meeting years ago with one of Canada's largest banks during which they were talking about misusing customer data so badly that we refused to do the project.

        Re: Establishment

        I am mostly talking about the U.S. government, which has a huge sway over the rest of us. Last I heard, they still controlled export of encryption stronger than 64 bits. The fact that they are concerned about encryption stronger than 64 bits indicates to me that significantly larger keys may be difficult or impossible for them to defeat.

        Re: Judge can force you to hand over your encryption keys

        That effectively lowers your encryption to zero bits. Sounds like crappy encryption to me.

        Re: IP needs to be protected to keep our economy going

        I do not consider feathering the beds of rent seekers as keeping our economy going. The rent seekers *told* you that, but did they offer any real proof that it is true? [Answer: no] If it was really true there would be a very cogent argument involving research data that conclusively proved that the unfortunately named 'IP' was definitely good for us all. Go ahead, see if you can find it among the billions of pages indexed by Google. The sole return from the search for "proof that IP protection is necessary" returns a page where they offer this hearsay assertion: "As proof that IP protection is necessary to the process of technology transfer, IDEA points to the successful dissemination of cell phones". Huh? That is not 'proof' by even the most forgiving of standards. Meantime, a Google search for "how to make an atomic bomb" returns nearly a quarter million hits. Seriously, do the math. An entire industry is behind suing over 'IP'. You can bet that if they actually had any sort of reasonable argument the argument would be front and center. You would surely get more hits than for recipes to make atomic bombs. I have taken a long look at the Sturm und Drang surrounding so called 'IP' and I have never seen a sensible argument in favor of the current Copyright and Patent regimes. The vast majority of creators would give up any right to copyrights or patents in a heartbeat if they understood what the trade meant. Give up a tiny trickle of income and gain access to all the world's art and music, science and literature and remove the 'IP' tax from goods and services -- not just for yourself, but for everybody.

        Re: Then create a project/product. Make it user-friendly and shout to everyone why they need it!

        I think you might be joking here, but if not: you can't trust me. If you need to depend upon me, then you don't really have that security. I did at one point make a drag and drop interface to encrypt text and may make it available again. However, you are then stuck trusting me (or someone who vouches for me or the code). You already have lots of choices for something like that. My point is, unless you can do it yourself, you cannot be sure it is not compromised.

        1. The Commenter formally known as Matt

          Re: A few notes

          interesting notes!

          Here are some more:

          >I would like to see the data custodian acting as a fiduciary *on my behalf only*

          On your behalf as a borrower presumably. If they can't act on their own behalf then they must be a non profit. So you are asking for a non-profit bank, or simply a bank with higher standards of data security?

          Alternatively maybe you want these data custodians to be ratings agencies for individuals. However ratings agencies aren't held responsible for their recommendations and risk isn't an exact science so their recommendations are usually crap anyway. If the data custodian is forced to guarantee a loan they will probably only lend to very very safe borrowers and charge a high margin to cover when they get it wrong.

          Their ability to rate borrowers is what makes each bank unique and why they offer different interest rates. If they can only offer loans to these indemnified borrowers then it's just a race to the bottom in terms of returns.

          >An indemnified 'yes' to a loan will be picked up by somebody.

          True, but what happens to people who want a loan but the data custodian refused to indemnify their loan? Is it because the borrower is too risky for a loan, or they are too risky for the data custodian, or the data custodian made a mistake or had a bad risk algorithm?

          What if there is a lender who disagrees with the data custodian and is willing to take the risk on this borrower (or would if they knew the details/credit report)? You seem to be suggesting one large data custodian, in effect this is destroying the loans market and would result in increased rates for everyone.

          >Unless you are engraving a name plate, you don't need my name.

          Well, someone needs your name. If this data custodian came into existence then no, the bank wouldn't need your name, but the data custodian would.

          >However, they do not expunge that data once they have made the determination.

          They would need to keep your contact details, but the rest should not be kept. If it is there the data protection watchdog should give them a kicking.

          Side note: Have you heard of zopa? It's a 'peer-to-peer' lending scheme here in the UK which appears to do what you are suggesting without the indemnity. They do credit checks on borrowers and split them into risk groups. Lenders then sign up and offer to loan money out to the groups at different rates. Lenders get better rates than at the bank, borrowers get better rates than at the bank. Zopa make a margin. People seem to like it as it identifies banks as a greedy middleman and bypasses them, but if a borrower defaults the lender loses out.

          >The fact that anyone even thought to ask for people's facebook passwords as a condition of employment in the United States is cause for alarm.

          This is a whole other thread, yes employers asking for facebook passwords is wrong (and if you give them over breaking the TOS). The simple answer is say no and work for a less creepy boss (hey I did say simple answer).

          >They could not ask for it if it effectively did not exist.

          True, but some people want to use facebook. Just because some dodgy employers are making unacceptable demands does not mean innocent people should have facebook taken away from them.

          >I am mostly talking about the U.S. government, which has a huge sway over the rest of us.

          fair enough

          >controlled export of encryption stronger than 64 bits

          From what I understand this is a hangover from old weapon export laws but isn't enforced.

          >That effectively lowers your encryption to zero bits. Sounds like crappy encryption to me.

          But only on a court order, which one would hope was carefully considered. Unless you are seriously suggesting law enforcement should never have access to any encrypted data. Could you imagine how bad this could be for society. On the other hand if it became too easy for 'them' to get private data it could be equally bad for society. (and I did say this was a broken law)

          >The vast majority of creators would give up any right to copyrights or patents in a heartbeat if they understood what the trade meant. Give up a tiny trickle of income and gain access to all the world's art and music, science and literature and remove the 'IP' tax from goods and services -- not just for yourself, but for everybody.

          If your sole income came from being a creator; authors, song writers (not necessarily performers), artists and computer programmers are a few examples that come to mind, then I bet you wouldn't agree to this. Lose your income but get other art etc. for free. Great, but you can't eat art.

          Unless you are referring to a utopian vision where physical goods are free then this isn't going to fly.

          What about a company that designs advanced computer chips, or any industry that take a huge investment to produce a new good. Are you seriously suggesting that anyone with manufacturing capability should be able to grab their designs and start selling?

          Current copyright and patent laws are not perfect (to somewhat understate the situation) but what they are meant to do (protect innovators for a *limited* amount of time so they can turn a profit before their competition gets their innovation for free) is a fine goal.

          >Re: Then create a project/product. Make it user-friendly and shout to everyone why they need it!

          >I think you might be joking here, but if not: you can't trust me. If you need to depend upon me, then you don't really have that security.

          Yes it was a half tongue-in-cheek statement. More a dig at the open source belief that everyone can code and many eyeballs makes for safe code.

          On a more serious note: above you were talking about someone acting as a fiduciary and that takes trust. So yes somewhere along the line you need to trust other people. You can't survive without it.

          >My point is, unless you can do it yourself, you cannot be sure it is not compromised.

          And unless you are the world's expert on encryption (and cracking of) you can't have reliable security.

          How do you write code? Because unless you wrote the compiler yourself...

          1. btrower

            Re: A few notes

            Huh. I will take responsibility for my poor explanation I suppose.

            You appear to believe that access to information and data is a zero-sum game of sorts. It is not. You also seem to think it is OK to participate in the 'artificial scarcity economy' as long as you are one of the winners and not one of the losers. You also place more than a little trust in officialdom and the 'party line'.

            We fundamentally disagree with respect to the above and it is a disagreement unlikely to be resolved.

            Data is valuable. Data about me is worth money. It is bought and sold all the time. A clever geek can do a statistical analysis with data from data mining operations. If there exists a correlation between increased mortality and some data element related to me, that is worth money to an insurance company. They will prosper by selling insurance to me at a higher rate or save money by not selling a bad policy. This is good for the miner and good for the insurance company, but it is bad for me. It is my data and any value it has properly resides with me.

            A fiduciary that acts exclusively on my behalf can see to it that only the barest information necessary goes from me through them to a third party. A large well funded agent working for me will be able to negotiate better terms than I could on my own. To the extent that they create value, we will share it. For the agent, it will be a profitable business.

            Privacy is a security issue. To the extent that banks are attempting to use my data beyond the purpose that put it into their hands, the banks are an attacker. I work with financial institutions and I can assure you that they look to profit from any data they can gather and they do *not* expunge anything unless forced to do so.

            To the extent that a single bank might cheat or even accidentally lose custody of my data, they present a finite risk. To the extent that the number of banks who have my data increases, so does my risk.

            My agent has a legal duty to act as a fiduciary, because by definition that is our relationship. In Canada, at least, the banks have fought very hard so they do not have legal obligations as fiduciaries. They are under no legal obligation to give you fair and sound advice about their products or your financial planning. If they give advice that improperly enriches them at your expense, it is fair game. I know this for a fact because I have been in that position personally and I was astonished to find it was true when I went to recover my money.

            Currently, financial institutions skirt the Criminal Code. If they were allowed to do worse, they would.

            Re: Someone needs your name.

            Sure, my friends and my family need to call me something. I like having a name. It's tradition! However, a telemarketer only needs my name for his benefit and his benefit comes at a cost to me. I don't want him to have it. The bank does not need a name to transfer money, they need an account. I don't type my name into an ATM machine to withdraw cash. It does not need it. Nowhere, in the software systems I have seen (I have worked with a lot of large financial institutions) is there a routine that requires particular ASCII characters in a name to manipulate accounts.

            Re: If it is there the data protection watchdog should give them a kicking.

            What should be and what is are not the same thing. In practice, our watchdogs serve them, not us.

            Re: does not mean innocent people should have facebook taken away from them

            Was not talking about taking facebook away. Was talking about making employer access to it impossible. The simple way would be to broadly make such requests a criminal offense.

            Re: old weapon export laws but isn't enforced.

            Yea, we have a lot of that going around. It is not OK. Making everyone a 'virtual criminal' allowing selective enforcement is even worse than enforcing the law.

            Re: But only on a court order, which one would hope was carefully considered.

            I trust the courts more than I do the executive and the legislature, but I do not entirely trust them and do not want to be forced to trust them when it is not necessary.

            It may be OK for you trust your security to wishing and hoping. It is not OK for me. Better to make this simply impossible to make sure cheating can't happen. We currently have less to fear from criminals than we do from the State and powerful Corporations. They currently take, by force, under color of 'law', almost everything you earn. Criminals might rip you off for a few percent of your income.

            Possible without my permission = too easy.

            Re: If your sole income came from being a creator ...

            It does. Removing copyrights would have little to no impact on that income and incalculable benefits otherwise. I am paid to create software that people use to automate things they are already doing to create things of value. The one thing that I wrote that is in wide use is open source library code that was funded by government research grants. Everybody wins there. I know lots of creative people and they generally make their bread and butter with an honest days work that the community will continue to fund. This is like arguing that we should not automate stuff because it will put people out of their menial labor jobs. It is a false choice to say that people must either slave away their lives at menial jobs or go hungry. They can (a) move to jobs automating things like me and (b) work less because the automation reduces the labor necessary to produce a given output.

            Re: Unless you are referring to a utopian vision where physical goods are free then this isn't going to fly.

            The world can be a better place, of that I am sure. Mining and manufacturing to produce goods do not require Copyrights and Patents. Farming not only does not need them, it is negatively impacted by them. Eliminating patents on genes would mean more food and medicine, not less.

            Re: Are you seriously suggesting that anyone with manufacturing capability should be able to grab their designs and start selling?

            Yep. Aggregate wealth increases when information is free to move and everyone is free to use the best techniques available.

            Re: is a fine goal.

            Not so sure that creating a lottery race to patent human genes has any value. To the extent that goals are fine, Copyrights and Patents hinder rather than help. You would be appalled if you started to seriously drill into the patent system.

            Re: a dig at the open source belief that ... many eyeballs makes for safe code.

            Nobody in the know seriously disputes this. Entirely secret security systems cannot be trusted at all.

            Re: fiduciary and that takes trust

            Trust but verify and only trust what you must. I do not trust a sole fiduciary either. Anything important is always secured by multiple custody. A single combination won't open a bank vault. You have to trust the two parties holding the combinations together, but you do not have to trust each of them separately. In modern encryption systems we can spread custody to an arbitrary 'm' of 'n' custodians such that, for instance, it takes the cooperation of 7 out of 10 key holders to open the vault.

            When I say you can't trust me, I am standing as proxy for any party providing encryption.

            Re: encryption skills and untrustworthy compilers

            I can definitely produce code to encrypt on 1Mbit keys, do 'm' of 'n', PKI, etc. I use a compiler for which I am able to compile the source in most cases. If you have access to the source, you can (albeit with some difficulty) defend against various compiler attack strategies. You do need a certain level of skill, but it is not *that* difficult to get as good as you can off the shelf with the added trust that you compiled the code yourself. The back-doors I worry about are deliberate cryptographic weaknesses in key schedules, key sizes, randomizers and similar design characteristics. There are ways, definitely, for a careful journeyman programmer to improve on out of the box pre-compiled code.

  14. btrower

    Simple technique to increase cypher strength

    I am not sure why I have not seen this before, but it has been a part of my encryption strategy for more than a decade to randomly generate a portion of the encryption key such that even the party with the key has to spend some time guessing the entire key. This allows you to arbitrarily increase the CPU effort required at the other end such that, for instance, 15 years later when computers are generally a thousand times more powerful, the effort remains the same because more of the real key is replaced by random bits.

    1. Trevor_Pott Gold badge

      Re: Simple technique to increase cypher strength

      The problem is that brute forcing a password is only actually a requirement for a very small number of passwords in any given list of hashes. Our techniques for cracking password hashes and encryption have evolved so far beyond brute force that mere entropy is no longer a workable measure of password difficulty. Instead, randomness is becoming highly critical; passwords cannot be allowed to match any known pattern.

      1. btrower

        Re: Simple technique to increase cypher strength

        @Trevor_Pott

        Re: "any given list of hashes"

        If I understand you correctly, I agree with this on its own. If it is a known hash algorithm and it is unsalted, like I said in an earlier comment, you effectively have no security at all for most passwords. This technique does not substitute for the rest of the security chain, it just enhances it. That enhancement should be true even against rainbow tables because it increases the length of the password. If you force it all the way to maximum feasibility such that a very powerful machine on the other end is required to spend several minutes determining the entire key, in theory you could use a larger machine to lock out any sufficiently smaller attacker even if they know the nominal key.

        In a realistic scenario, this just ensures that some of the bits, by virtue of never having been stored and never even known by the original key holder, *require* guessing those bits. If it were, for instance, 21 bits missing, requiring on average a million guesses even when you hold the key it would increase the size required of the rainbow table by orders of magnitude. There comes a point beyond which rainbow tables and similar techniques are not practical.

        It is exceedingly difficult to uniformly raise the barriers against a well armed attacker. At the point that you have multiple levels of salts, multiple levels of encryption, etc, this, barring certain types of theoretically efficient attacks, adds bits of strength essentially for free (well, at the cost of back-end CPU cycles). As far as I can tell, there is no way around this type of hardening (assuming non-trivial encryption) because it is essentially an absolutely secure one time pad.

        1. Trevor_Pott Gold badge

          Re: Simple technique to increase cypher strength

          Dan Goodin at Ars Technica has a series of articles on cracking passwords that you really should read. Some of what you say is true. Some of what you say is...out of date. I'd have agreed with you a few years ago, before Hashcat, modern pattern matching, anti-salt techniques and GPU + ASIC mini-supers.

          1. btrower

            Re: Simple technique to increase cypher strength

            I am not certain if we are talking about the same thing. I took a look at some of Dan's articles and tried to find 'anti-salt' techniques. The only reference I could find spoke of attacking the salt by brute force and they only used 4 and 5 byte salts. In an earlier post on this article I mention *megabyte* key values and that includes salts as well. It is true that weak salts are weak, just as weak passwords are weak. However, that does not speak to the strength of strong passwords and competent salts and related techniques.

            What you refer to leads to something that points to the value of the technique I describe. A current variant of hashcat is able to brute force ~2^33 hashes per second on a modern HD7970 GPU. To reduce that effectively to two per second, you add 32 random bits prior to hashing. The addition of six 6-bit characters will require an additional 2^36 guesses to get a password.

            You could use the base64 characters: b64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/". Any random function to choose a character from the above will do. Choose six random characters such as:

            13 47 22 60 36 20 = N v W 8 k U

            Add the above to your password and even a fairly large cracking setup will take some time just to crack an unsalted md5 hash of a password.

            Client enters a password into your system, say 'password123'. Your server system generates a random addition as per the above, say 'NvW8kU' and adds it to the password. The password becomes 'NvW8kUpassword123' and that is what you hash. In the case of md5, md5('NvW8kUpassword123')=8f4bb28e2d7e5df5e1b971fbce3007cc. When the client enters in their password ('password123'), the server guesses, like any attacker would have to guess, the first six characters to match against the stored hash.

            In practice, the above would also be coupled with a random salt. Here is a common password that is already found in the rainbow tables at http://crackstation.net/, but salted with a 128 bit salt:

            82730f07b0953fc7555f15bca138f0c6

            Even though the above is an md5 hash of a known password, it is not likely to be guessed any time soon without the salt.

            Here is a vanilla md5 hash of a strong password formed only from letters and numbers:

            d4fffc0f9b56cf324e13534c73228e06

            It is a ten character password, plus the additional six characters as described above. Here is, according to the protocol above, the first six characters of that password: tTQGVj. It would take the computation of approximately 2^59 trials to get the balance of the password from that hash, even though there are only 24 bits of password left.

            The perception that passwords are in danger is a real one. If sites store passwords as vanilla hashes and allow weak passwords then stealing the file of hashes is equivalent to stealing the passwords. Once passwords are in your possession, any that are common to other systems are thereby compromised. My technique will increase the security of your hash file, but it cannot protect against passwords that are already compromised.

            To be honest, as a user I am not fond of systems with stringent password requirements. However, in the absence of additional tokens for security, the only way to ensure security of your system is to enforce a password policy that makes it difficult to use insecure passwords.

            Suggestions: Enforce long passwords > 16 characters. Arbitrarily disallow a random half of the character set. Disallow anything similar to a dictionary word (dictionary word being any known string). This will not protect you against a person re-using their password from your site on another site with less security, but it will protect you against someone reusing a password from a weak site on your site.
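The scheme btrower lays out in the comment above, as an added example that is not part of the original post: a random prefix is hashed together with the salt and password and then thrown away, so the server has to search for it on every login exactly as an attacker would. sha256 stands in for the post's md5, and the prefix is two base64 characters (12 bits, 4096 guesses) instead of the post's six so the search finishes quickly; LOST_CHARS, SALT_BYTES and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import itertools
import secrets
from typing import Dict, List, Optional, Tuple

# Alphabet from the post. LOST_CHARS is an assumption for this example: the post
# discards six characters (36 bits); two (12 bits, 4096 guesses) keeps it fast.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
LOST_CHARS = 2
SALT_BYTES = 16          # 128-bit per-user salt, as in the post
SEARCH_SPACE = len(B64) ** LOST_CHARS


def _digest(prefix: str, salt: bytes, password: str) -> bytes:
    # sha256 stands in for the post's md5; the scheme does not depend on the hash.
    return hashlib.sha256(prefix.encode() + salt + password.encode()).digest()


def enroll(password: str) -> Dict[str, bytes]:
    """Hash (prefix || salt || password) and store only the salt and the hash.
    The random prefix is deliberately discarded and never written anywhere."""
    salt = secrets.token_bytes(SALT_BYTES)
    prefix = "".join(secrets.choice(B64) for _ in range(LOST_CHARS))
    return {"salt": salt, "hash": _digest(prefix, salt, password)}


def verify(password: str, record: Dict[str, bytes]) -> Tuple[bool, int]:
    """Recover the discarded prefix by exhaustive search.
    Returns (matched, hashes_computed): a correct password costs on average
    SEARCH_SPACE / 2 hashes, a wrong one always costs the full SEARCH_SPACE."""
    trials = 0
    for combo in itertools.product(B64, repeat=LOST_CHARS):
        trials += 1
        candidate = _digest("".join(combo), record["salt"], password)
        if hmac.compare_digest(candidate, record["hash"]):
            return True, trials
    return False, trials


def wordlist_attack(record: Dict[str, bytes], wordlist: List[str]) -> Tuple[Optional[str], int]:
    """What an attacker holding the stolen record must do: every candidate
    password carries the same SEARCH_SPACE factor that the server pays."""
    total = 0
    for candidate in wordlist:
        matched, trials = verify(candidate, record)
        total += trials
        if matched:
            return candidate, total
    return None, total


if __name__ == "__main__":
    rec = enroll("password123")
    print("stored salt:", rec["salt"].hex(), "hash:", rec["hash"].hex())
    print("login, right password:", verify("password123", rec))
    print("login, wrong password:", verify("hunter2", rec))
    print("attacker, 3-word list:", wordlist_attack(rec, ["123456", "letmein", "password123"]))
```

Two things a practitioner should weigh before deploying this. First, the cost is symmetric: a wrong password always costs the server the full search, so an attacker who can only reach the login form can burn server CPU at the same rate a legitimate user does, and the work factor has to be sized with that in mind. Second, a slow, memory-hard password hash (bcrypt, scrypt, Argon2) gives the same tunable per-guess cost through an explicit work parameter rather than a search, and is the standard way to get this effect today; the scheme above is still useful for seeing why a per-guess cost, not key length alone, is what slows the cracking rigs Trevor describes.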

            1. Trevor_Pott Gold badge

              Re: Simple technique to increase cypher strength

              In practice, the above would also be coupled with a random salt.

              Except, in reality virtually nobody seems to salt their passwords hashes.

              As for salt cracking, there are at least three good methods I know of:

              1) Crack 2 (or more) passwords by brute force. Find what's the same and take that as salt. Attack rest of hashes.

              2) Sign up for the service and use your known password to attack the hash to determine salt.

              3) Find an e-mail address associated with a password hash that you already know the password to (because you cracked that user's password on another site and we all reuse passwords.) Use the known password to attack the hash and determine salt.

              These are just the ones I know about and I am not a security expert.

              Now, you're correct in that huge key sizes and large character values with password requirements that force the password to be something humans can't remember stands a chance of surviving even a trained hashcat operator with a 50-GPU mini-super sporting 12 ASICs for fun. (Which I am seeing more and more of on the cracking scene these days.)

              That said: A) nobody uses those in reality. B) It still doesn't protect you against US.gov. And again, there are supposedly salt attacks out there I haven't heard of - I'm not cool enough to be in those password cracking clubs, you see - so I wouldn't be so sure about the security of hiding behind large numbers.

              1. btrower

                Re: Simple technique to increase cypher strength

                @Trevor_Pott

                I don't want to make overmuch of the ability to defend against attack because your notion that systems are vulnerable is entirely correct. I would not want readers to infer that password protected systems are secure. They are not secure at all in the current environment. My only point was that adding these extra bits would *help* to harden a system at a very small cost to the defender. It is a very cheap upgrade and in the case of a very powerful defender it could significantly increase the resources required of an attacker.

                You make some excellent points and as salts are currently employed in many systems they *are* vulnerable to such techniques. In fact, systems are vulnerable to many other things as well.

                If salts are properly employed, you can't get to them in the ways you describe. In fact, there should be no simple pathway to the salts. Note the plural there. Cracking the single salt used on your password should have no effect on the rest of the file. In the case of most of the PHP systems I have seen, the weaknesses you describe are real enough.

                One of the things you mention I also mentioned as a vulnerability against which it is impossible to defend. If a password is stored on a compromised system and is also used on your system, then the password can obviously be used on your system. It is hard to see how a system that accepts credentials can be defended against someone who holds the credentials.

                Although somewhat out of scope for this discussion, let me mention in passing the technique used to defend against this that I employed on a banking system: Users required both their password and possession of a unique, copy protected writeable key. The only practical way to gain possession of the key was to physically steal the key and that key only allowed access to the single account for which it was issued. Communications were encrypted using a proprietary technique provided by a third party. This was back in the day before secure time services were available. To create a barrier against replays, the client system used an additional key provided from the last secure session. Even if the key was somehow copied and the password was compromised, the account would lock the moment the unsynched key was presented. It was not bullet-proof, but with hundreds of users it protected a billion dollar banking system for years until it was retired. It was never breached.

                Although criticisms of cyphers speak to reducing a 128 bit key to effectively a 100 bit key, in practice such a lowering is not fatal because although the wall is radically reduced it is still very high. Attack on such a system is likely to look elsewhere rather than brute force attacks on keys.

                It is exceedingly difficult to defend against a well armed attacker, that much is certain. That is why the technique I suggested is a nice one to add to your toolkit. It can increase the power required of the attacker. Although the equipment you describe would annihilate a 56-bit DES key, it still cannot overcome keys even on the order of 256 bits (much smaller than I recommend for a system you need to be secure). If a network of 10^9 of the systems you describe is capable of brute forcing 10^50 keys a second it would still be unable to brute-force a 256 bit key. Using a technique such as I describe can extend the key easily by 20 or 30 bits or more, making it significantly more difficult to brute force a password.

                The weakness of password protected systems comes back to the human being in charge of assigning and caring for the password. In practice, the majority of passwords are trivial to crack because the mnemonics necessary for human beings to remember passwords create a formula that greatly reduces the effective key space. The cure for this is to ultimately require possession of both a reasonably strong password and some sort of secondary key.

                Good passwords are both easier to create and harder to create than most people think. For the purposes of cracking, the effective bit strength of a password like That!saLLIs4yFo!k5 is significantly lower than (prior to my revealing it here) WLHcgW0sHzo1Popy -- that last is a reasonably true* 90+ bits and (until this note) not at all likely to show up in even the largest set of rainbow tables.

                I am not unaffected by this discussion. Although I am well aware of the weakness of current systems, I confess that I am a little taken by surprise at the change in the balance between attackers and defenders. I expected this to happen, but last I looked, what was a theoretical vulnerability has become a practical vulnerability. Although I was aware of the breaches of large bodies of passwords, I did not realize the extent to which heuristics derived from the exposed passwords had been incorporated into working code.

                My concern has been largely theoretical and directed toward the frustrating intractability of randomness. I actually registered a domain name back in 2001 for the sole purpose of providing reliable third-party randomness as a service. Although still, I think, a long way off, I anticipate that defense against sophisticated techniques of attack against weak random sources can only be warded off by very strong random sources and strong random sources are more difficult to obtain than you would think.

                1. Trevor_Pott Gold badge

                  Re: Simple technique to increase cypher strength

                  I think the idea of a crypto system that relies on randomness and ever-increasingly large primes is fundamentally flawed. It's flawed because the system simply relies on entropy to be safe. "It's harder to brute" means nothing when humans are not nearly so different as they think. There are seven billion of us; there are an incredible number of us who chose the same "unguessable" password, or password patterns.

                  So while some of the techniques you mention do certainly raise the barrier to entry for the crackers, fundamentally we need a change in how we approach crypto. What that approach is, I honestly can't say. I'm not a crypto genius. We need a revolution that is to crypto what general relativity was to Newtonian physics. That takes an Einstein. Someone who can think so far out of the box they redefine said box and its interactions with the universe.

                  Until then, the bad guys will continue to get better and we will continue to be even more vulnerable. Thus my call for "trustworthy by design." Don't assume that ANYONE is trustworthy when you design your application; including yourself or whomever is going to run the application.

                  Do not rely on cryptography alone to secure data.

                  Establish and maintain data custody at all points where the only person(s) with access are those who the creator of said data authorized explicitly. Any hole that a "bad guy" can slip through, a "good guy gone bad" can get through even more easily.

                  1. Charles 9

                    Re: Simple technique to increase cypher strength

                    "Establish and maintain data custody at all points where the only person(s) with access are those who the creator of said data authorized explicitly. Any hole that a "bad guy" can slip through, a "good guy gone bad" can get through even more easily."

                    Which goes to a fundamental and probably intractable problem with data security. In order to be useable, SOMEONE has to have access to the data. As long as someone has access to the data, someone can impersonate them. Given enough resources, Mallory can be indistinguishable from Alice no matter the level of security you apply. Even physical security isn't foolproof: stolen devices and rubber hoses come to mind.

  15. Robert Helpmann??
    Childcatcher

    2nd Factor?

    There are 2 factor authentication alternatives to those described in the article, especially for corporate and government customers. For example, a common access card setup would force users to have the token, but does not by itself change the length of the password needed to access a system.

    The current trend for consumers is to push everything onto the smart phone, which is arguably a flaw in implementation... or perhaps a strength. Either way, as Mr Pott rightly noted, it represents security that users will find onerous. Because of this, there should be no real push to use these except for the most important of sites and transactions. While I would find mandatory use of 2FA an expectation for my banking site, I would be less impressed to require it for FaceBook, where I presume everything is public knowledge. Yes, the account is more vulnerable to being hijacked by this logic. So what? How does that compare to keeping my medical records secure?

    Adequate security depends on the data and function being protected, which is where I think a lot of sites go off the rails when setting up requirements of their customers. Sure, give them the option for something more, but unless it is really easy to use, the expectation should be "password" as the default. There always will be a balance between expectations and implementation.

  16. Anonymous Coward
    Anonymous Coward

    the off-line solution

    I have one password file (itself password protected), and it lives on my Psion Revo, which always comes with me, and which is not online.

    I back up the Revo to an old PC, also offline, and backups of that PC go to a second location.

    I change all my passwords every couple of years.

    I know it's not perfect but I'll take it over trusting online technology.

    When that day comes that we wake up and half the world's computers just say "zero" - an act of terrorism that could bring down entire societies - and that day may very well be coming, thanks to the Cloud, and the lack of thought in our technology that the article mentions - us 'Luddites' might just have a small chance. (And if so, we'll try to buy all the baked beans, then head for the hills.)

    1. Trevor_Pott Gold badge

      Re: the off-line solution

      How's that any different from two-factor authentication in terms of time required to execute? All the while being even less secure? As discussed in the article, 30 seconds-ish per login mounts up...

    2. Charles 9

      Re: the off-line solution

      When THAT day comes, not even your Revo will be safe because the act of terrorism will come through the AIR: think an EMP from an airborne atomic/nuclear explosion. Not even offline devices will be wholly safe from them.

      Plus there's always the risk of you getting mugged and the mugger nicking off your Revo WHILE you were using it (meaning the master password isn't needed, and they can nick everything else off before it has a chance to lock itself).

  17. ecofeco Silver badge
    Pirate

    EULA

    That's how we got here.

    "We don't care if our software breaks your PC and loses your data. Tough shit for you. Oh, and you don't own this either, like, say, a book."

  18. bag o' spanners
    Devil

    I'm terminally paranoid about my passwords, because I value my privacy. So I don't store useful pws on a web enabled machine, and certainly not on a US based cloud. The few that have real value sit safely in my noggin, and are seared into my neuronet by mnemonics that take absurdity to the limit.

    I've seen how lax security is on the wider web, so I don't have much faith in organisations who are barely one sniff away from being hacked. I'd include most public sector organisations and large banks in that particular Venn circle.

    If your clients are desperate to be cloudy, then they should be made fully aware of the risks involved, and the true cost of rock-solid security. Cheapskating on thin ice usually ends in tears, but it doesn't seem to deter the cheapskates.

  19. Allan George Dyer
    Boffin

    Anyone for PKI?

    FTW

  20. Tree
    WTF?

    I trust Gurgle and after that Bong (Cold mail, Dead mail, or InLOOK, or whatever)

    The above huge companies must be trusted not to track you or store your private secrets, right?

  21. Adam 1

    "easy to remember (and thus easy to crack) passwords"

    You could staple a horse battery to the amount of incorrect in the above quote.

    An easy to remember password doesn't need to be easy to crack. And I have seen plenty of "good" passwords which would take minutes to crack.

  22. Anonymous Coward
    Anonymous Coward

    Excellent article Trevor

    ...which has stimulated some very interesting discussion.

    Thanks!

  23. All names Taken
    Paris Hilton

    So? What's new?

    And I suppose we should add to the list:

    banks

    pension companies

    investors

    politicians

    police (ok, I accept perped up bobbies are rare but they exist)

    civil servants (heard any of that morality diatribe of late? Wonder why?)

    The above is not exhaustive nor is it meant to be. I just got disinterested with the way it was going and general negativity as it seemed to be becoming.

    Maybe the only angle is: trust those organisations you have formal trust agreements with but expect some in those organisations to be more than lackadaisical (or less if that makes better sense no?)

  24. Jim 59

    Don't say password, say passphrase

    A phrase is much harder to crack, and much easier to remember. Regarding password storage, I would never, ever put my password database on the cloud or give it to anyone else. Lastpass ? No thanks.

  25. Brangdon

    DropBox?

    What's wrong with using an open-source offline password manager (such as KeePass) with the password database protected with a long pass-phrase, plus a file synchronisation service (such as DropBox) to replicate it across all the devices you need it on?

    You can verify that KeePass never talks to the network, and DropBox never sees unencrypted passwords. The worst that DropBox can do is give your encrypted database to the Feds, but if you have used a long enough pass-phrase they won't be able to break it. One long pass-phrase is easier to remember than dozens of shorter ones.

    1. jkilgore
      Stop

      Re: DropBox?

      Careful with passphrases. Some issues are

      -Re-using known phrases (even partially) from books, politicians and so on is very insecure, as they can and will be iterated through by the government and the porkstars. For 15k Euro you can get a 32 Core machine with 128Gbyte RAM these days. This machine can already try all phrases out of all popular books in a matter of minutes.

      - Effective Entropy: You only get about 0.1 to 0.3 bit of "entropy" per character of your passphrase, if your opponent is some major government or a criminal top gun coder from Google or the like. It's easy to see why if you consider the English language: It has about 1 million words. That means you get at max about 20 bit per word. Those 20 bits are dramatically worn down by the fact that some words are much more likely than others (e.g. "tank" is much more likely than "haberdasher"). Then there is grammar, which further reduces the bits left: An easy-to-remember passphrase is more or less grammatically correct. So they don't have to iterate through "must can have like green", but only through sentences like "likes to eat green mice".

      So your passphrase should be very, very long and strange.

      More like "when I wander through the forest, looking at my marble shoes and singing a nice tune, I always think about unicorns farting yellow farts. This makes me love my creator, the glorious flying spahettimonster and his father, the yellow squirrel. We and the whole world descend from the yellow squirrel".

      -Don't use anything as a passphrase which can be derived from your person. The government will certainly pull all the data about you in order to build prospective passphrases. So if you are a hairdresser by profession, never use hairdresser words/expressions in your passphrase. Certainly don't use names of your relatives, friends, colleagues, birthday and so on.

      In short, an MD5 derived from a file full of your own gibberish (made by you hacking 500 times randomly on the keyboard) is probably much more secure and easy to use. Write it down on a piece of paper and carry that somewhere on your body. Don't write anything else on that piece of paper. Eat the paper when in danger of being apprehended. There's even special paper for that purpose. Have a copy of that in an airtight bottle buried in the ground at a place only you know. Cola bottles are excellent for that purpose. Can also be used for securely storing encrypted USB sticks.
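      The two strength claims in this thread (btrower's "reasonably true 90+ bits" for a random 16-character string, and jkilgore's point that real English words give far less than the naive 20 bits per word) as an added worked calculation. This is example code written for this page, not anything posted by either commenter; the 1,000,000-word vocabulary and the Zipf rank-frequency word model are modelling assumptions.

```python
import math
import string
from functools import lru_cache

# Added example, not from the comment thread.  Assumptions: English has
# "about 1 million words" (per the comment) and word choice in a human
# passphrase follows Zipf's law (word of rank k has probability ~ 1/k).
VOCAB = 1_000_000


def charset_bits(password: str) -> float:
    """Naive strength: length * log2(alphabet size), the figure a password
    meter shows.  It ignores whether a human chose the string."""
    alphabet = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in password):
            alphabet += len(cls)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def uniform_word_bits(vocab: int = VOCAB) -> float:
    """Upper bound: every word equally likely -> log2(vocab) bits per word."""
    return math.log2(vocab)


@lru_cache(maxsize=None)
def zipf_word_bits(vocab: int = VOCAB) -> float:
    """Shannon entropy (bits) of one word when word k is chosen with
    probability proportional to 1/k.  This is the 'some words are much more
    likely than others' effect alone; grammar would cut it further."""
    harmonic = sum(1.0 / k for k in range(1, vocab + 1))
    # H = -sum p_k * log2(p_k)  with  p_k = (1/k) / harmonic
    return sum((1.0 / k / harmonic) * math.log2(harmonic * k)
               for k in range(1, vocab + 1))


def passphrase_bits(phrase: str, vocab: int = VOCAB) -> dict:
    """Estimated bits for a human-written passphrase under three adversary
    models, from optimistic to the comment's pessimistic 0.1-0.3 bits/char."""
    words = [w.strip(string.punctuation) for w in phrase.split()]
    n = len([w for w in words if w])
    return {
        "words": n,
        "uniform_words": n * uniform_word_bits(vocab),
        "zipf_words": n * zipf_word_bits(vocab),
        "pessimistic_0.3_per_char": 0.3 * len(phrase),
        "pessimistic_0.1_per_char": 0.1 * len(phrase),
    }


def random_words_bits(n_words: int, wordlist_size: int) -> float:
    """What restores the full log2(wordlist) per word: choosing the words
    uniformly at random (e.g. secrets.choice over a wordlist) so that no
    frequency or grammar model helps the attacker."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("WLHcgW0sHzo1Popy", "That!saLLIs4yFo!k5"):
        print(f"{pw}: naive charset strength {charset_bits(pw):.1f} bits")
    print(passphrase_bits("likes to eat green mice"))
    print(f"6 random words from a 7776-word list: "
          f"{random_words_bits(6, 7776):.1f} bits")
```

      Note that the naive charset figure for the leet-speak phrase comes out higher than for the random string, which is exactly the illusion btrower warns about: the charset model cannot see that it was built from a sentence.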

    2. Charles 9

      Re: DropBox?

      That's actually the exact technique I use. I also don't put the key in the Public folder but instead put it in a dedicated directory which I sync using tools like DropSync, so the actual existence of the database isn't known to all and sundry. And since KeePass has an Android client, I can still access stuff from my mobile if the need arises.

  26. hugo tyson
    Coat

    7-layered...

    Just: love the extension to the ISO 7-layer model. For years in pub talk, we have used the extensions "Layer 8 - Political" and "Layer 9 - Financial" to explain otherwise incomprehensible phenomena, I mean when less-capable implementations win, when laws intended to do one thing rather outlaw everything else, and so on. Government and big business madness in general.....

  27. jkilgore
    Stop

    Commercial Password Security Issues/Insanity

    Major, stupid problems of password security are:

    -Password hashes are not stored in a dedicated system. A single SQL injection in a web shop will open the entire database. That's because the commercial world is full of lazy thinking and lazy people.

    -Passwords can often be brute-forced, as the "checking rate" is not properly controlled. In the Banking world, they lock your PIN after three failed attempts and that makes four-decimal PINs quite secure. Why can't we have something like this or Exponentially Growing Timeouts in the average commercial system ? Yeah, because the commercial world is full of lazy and corrupt thinking. Security is not a "selling point".

    -Highly insecure "password unlocking" features such as "mother's maiden name" and similar insane nonsense. Apparently they got all the big idiots from Obama to the Alaskan whackjob by exploiting that.

    If the commercial world used a dedicated, open-source "password/user" store/Linux distro on a dedicated machine, everything would be much more secure. The FOSS world could focus on getting that single system properly done and stripped down to the basic functionality. Instead everybody does a half-baked system in PHP and stores the hashes along with the application tables. Commercial thinking, again.
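    The two mitigations named above (a dedicated credential store with a per-user salt, and exponentially growing timeouts in place of an uncontrolled checking rate), as an added example written for this page rather than anything posted in the thread; the PBKDF2 cost, the three free attempts and the one-hour cap are assumed policy values.

```python
import hashlib
import hmac
import os

# Added example, not code from the thread.  An in-memory dict stands in for
# the "dedicated password/user store" the comment calls for: credentials
# live here and nowhere in the application's own tables.  The PBKDF2 cost,
# the three free attempts and the 1 h cap are assumed policy values.
_STORE: dict = {}
_DUMMY_SALT = b"\x00" * 16        # so unknown users cost the same hash time
ITERATIONS = 100_000
FREE_ATTEMPTS = 3                 # like a bank PIN: first failures are free
LOCK_CAP_SECONDS = 3600.0


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(user: str, password: str) -> None:
    """Per-user random salt: cracking one record never helps with the rest."""
    salt = os.urandom(16)
    _STORE[user] = {"salt": salt, "hash": _derive(password, salt),
                    "failures": 0, "locked_until": 0.0}


def backoff_seconds(failures: int) -> float:
    """Exponentially growing timeout once the free attempts are used up:
    1 s, 2 s, 4 s, ... capped at LOCK_CAP_SECONDS."""
    if failures < FREE_ATTEMPTS:
        return 0.0
    return min(LOCK_CAP_SECONDS, float(2 ** (failures - FREE_ATTEMPTS)))


def check_login(user: str, password: str, now: float) -> str:
    """Returns 'ok', 'locked' or 'denied'.  `now` is injected so the policy
    can be exercised without sleeping.  Unknown users get the same hash work
    and the same answer as a wrong password, so accounts cannot be enumerated."""
    rec = _STORE.get(user)
    if rec is None:
        _derive(password, _DUMMY_SALT)
        return "denied"
    if now < rec["locked_until"]:
        return "locked"             # password not even checked: no guess spent
    if hmac.compare_digest(_derive(password, rec["salt"]), rec["hash"]):
        rec["failures"] = 0
        rec["locked_until"] = 0.0
        return "ok"
    rec["failures"] += 1
    rec["locked_until"] = now + backoff_seconds(rec["failures"])
    return "denied"


def guesses_allowed(window_seconds: float) -> int:
    """How many online guesses at one account the policy permits inside a
    time window, for someone who waits out every lock."""
    t, failures = 0.0, 0
    while t <= window_seconds:
        failures += 1
        t += backoff_seconds(failures)
    return failures


if __name__ == "__main__":
    register("alice", "correct horse battery staple")   # constructed sample
    for guess in ("guess-one", "guess-two", "guess-three"):
        print(guess, check_login("alice", guess, now=0.0))
    print("right password during lock:",
          check_login("alice", "correct horse battery staple", now=0.5))
    print("right password after lock:",
          check_login("alice", "correct horse battery staple", now=1.5))
    print("guesses per hour:", guesses_allowed(3600),
          "per day:", guesses_allowed(86400))
```

    With these values an online attacker gets 14 guesses at an account in the first hour and 37 in a day, versus millions with no checking-rate control; the offline case (a stolen hash table) is what the per-user salt and the PBKDF2 work factor are for.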

  28. Philip Lewis
    Thumb Up

    Obligatory XKCD reference

    http://xkcd.com/936/

    That being said, this was an excellent article and a most excellent discussion thus far. It seems articles, and importantly discussions, like this have become a rarity on The Register, and that is rather more than unfortunate.

  29. Pseu Donyme

    Exceptionally worthy article, quality discussion.

  30. Jin

    Why not try to expand the password memory capacity?

    At the bottom of all these headaches is a simple fact that humans cannot firmly remember any more than 5 passwords on average so long as we stick to numbers and texts. But it is not impossible to expand the password memory capacity. One such proposition can be found at

    http://mneme.blog.eonet.jp/default/files/expanded_password_system.pdf

    1. Charles 9

      Re: Why not try to expand the password memory capacity?

      Why not? For the same reason you can't make something foolproof: eventually the world will produce a better fool. While it's not impossible to expand the human memory capacity to an extent, there are usually limitations that are not well known to the system designers. What if one has a bad memory for faces? For images? For spelling?

  31. Trevor_Pott Gold badge

    For those who feel I am too paranoid

    Please, read this.

    1. btrower

      Re: For those who feel I am too paranoid

      @Trevor_Pott:

      Excellent comment.

      If anything, Schneier is soft-pedaling the danger. The U.S. government is a monstrous adversary already. It is (illegally by any sensible definition) killing people by remote control. It needs significantly less ability to interfere with people, not more. The best way to ensure the continued well-being of thee and me is to push wealth and power down closer to the people. The State and Corporations should live in mortal fear of citizens pulling the plug. We should punish non-human entities by dissolution when they transgress. North Americans have been putting up with increasingly outrageous threats by the FBI every time they watch a video. We need to put an aversion to threatening citizens deep into the DNA of the State. Even asking for what they want should result in their destruction and replacement as an organization.

      1. Charles 9

        Re: For those who feel I am too paranoid

        But if you replace the government, what do you replace it WITH? Ever heard of the phrase out of the frying pan and into the fire? ANY government made by man will eventually be corrupted by the necessary human element. The only other type of government where the human element is minimized is the rule of absolute law: where the law dictates terms with no exceptions. We're not comfortable with that, either, because we're aware of the concept of mitigating circumstances.

  32. SDoradus
    Black Helicopters

    The PDF you link to (by David Cole) showing how contentious is the citizen vs immigrant rights debate is a wonderful bit of lawyering. Spot the straw man:

    "... in regulating immigration, "Congress regularly makes rules that would be unacceptable if applied to citizens." Yet fifty years earlier, the Court had stated that the Due Process Clause does not "acknowledge any distinction between citizens and resident aliens."

    The due process clause of the US Constitution covers "persons", not just natural persons but also legal persons (like corporations), who can benefit from constitutional guarantees. However, the constitution can't cover everyone in the world.

    In particular, due process benefits persons who are citizens or residents or US corporations, more than strangers within the gates - people not bound by US Law. That's why courts can declare 'due process' might well discriminate against NON-resident aliens. The rules for regulating immigration are applied to non-citizens and persons not YET resident.

  33. Miek
    Linux

    "This means that in the real world the system-local password manager is completely useless. If I am going to generate some uncrackable, randomly generated password string and store it in my password manager, then I need to get at that password from any device I use. This means I need a centrally accessible password store. Once more, this bifurcates my options." -- Use Keepassx. Place your Keepassx DB onto a cloud storage platform, such as Dropbox. Then install Keepassx and Dropbox on your phone and other computers. You then have a "local" password database that is shared over cloud infrastructure.

    1. Trevor_Pott Gold badge

      So they go to Dropbox, get the file, crack the encryption and pull out all my passwords. This helps me how?

      The key to that encryption (the master password) still has to be something a human can remember, which means it is vulnerable to a yottabyte datacenter run by evil men.

      1. Charles 9

        Perhaps, but it's easier for a human to remember ONE big password than 100 of them, so the master password can be as long and complicated as their memory can dare it. Which starts putting a strain on the yottabyte datacenter, which still has two intractable physical limitations: limited time and limited resources. And there are some things even a quantum computer can't readily speed up (such as lattice- or error-correcting-code-based encryption).
