The Great Hash Bakeoff: Infosec bods cook up next-gen crypto

Cryptographers are limbering up for a competition aimed at developing a next-generation password hash to create a better means for websites to store users' login credentials. In total 24 submissions have been made to the Password Hashing Competition. Cryptographers will now test the effectiveness of the two dozen entrants by …

COMMENTS

This topic is closed for new posts.
  1. John Smith 19 Gold badge
    WTF?

    Storing unencrypted passwords or unsalted passwords

    Who does that in 2014?

    And for bonus points, why?

    1. Graham Marsden
      Facepalm

      @John Smith 19 - Re: Storing unencrypted passwords or unsalted passwords

      a) Too many people

      and

      b) Because they're too lazy or stupid to do anything about it.

      And you forgot:

      c) WHY are there *still* sites out there which, when you sign up, send your password to you in PLAIN TEXT???

    2. big_D Silver badge

      Re: Storing unencrypted passwords or unsalted passwords

      Passwords in 2014? Why aren't we using something more secure?

      I'm looking forward to seeing SQRL in action...

      1. Michael Wojcik Silver badge

        Re: Storing unencrypted passwords or unsalted passwords

        > Passwords in 2014? Why aren't we using something more secure?

        Indeed. Passwords should have gone away in the 1980s. Even moving to passphrases would be a huge improvement.

        There are still sensitive-data consumer sites - Charles Schwab's investor/banking site, for example - that not only don't support passphrases, but have ridiculous limits on the passwords they do support. (Schwab's are limited to 8 characters and don't allow most punctuation, let alone non-ASCII. Someone there really needs to be fired. Even if the back end has those limitations, the front end could allow much better passwords and hash them down into something that meets the backend requirements, which would provide much better usability and make it harder to guess passwords.)

  2. Pete 2 Silver badge

    Having a cracking time

    > attempting to break them over the next 12 months ... attacking all submissions in every way possible

    One would hope (but not expect) that these attempts would extend into the world of social engineering and coercion - just as they would in the real world.

    Password security has technical integrity as only one part of the whole regime.

    The ideal password security system would contain features that would be unknowable to, or unusable by, people to whom the security credentials did not belong.

    1. Anonymous Coward

      Re: Having a cracking time

      > The ideal security system would contain features that would be unknowable to, or unusable by, people to whom the security credentials did not belong.

      Which all falls apart because, by necessity, someone has to do the authentication. Not even the most ideal security system in the world can defeat an insider. And since insiders can be near-perfect moles in a world where it is difficult just to find out you have a mole in your midst...

      1. Michael Wojcik Silver badge

        Re: Having a cracking time

        > The ideal security system would contain features that would be unknowable to, or unusable by, people to whom the security credentials did not belong.

        > Which all falls apart because, by necessity, someone has to do the authentication.

        Authentication protocols based on zero-knowledge proofs, such as SRP and PAK-RY, satisfy precisely this criterion: no one but the owner of the credentials knows the secret. Authenticating parties only possess an authenticator, which can be used to authenticate, but not impersonate.

        > Not even the most ideal security system in the world can defeat an insider.

        Since the term "insider" has no technical definition, that's an empty claim. You can always apply Descartes' evil-genius thought experiment to show no security system is perfectly secure, because users can never guarantee that their senses or processes of thought have not been compromised.

        In any case, "ideal security system" is not a well-defined term. A system is only secure (or not) in the context of a threat model, and then usually only probabilistically and/or in relation to work factors.
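
The verifier property described in the comment above, as an added example that is not part of the thread or any poster's code: a minimal SRP-6a-style exchange in Python. The 127-bit modulus, generator, hash construction and sample passwords are assumptions chosen for brevity, not production parameters.

```python
import hashlib
import secrets

# Toy parameters (assumptions for this example): a 127-bit Mersenne prime.
# Real deployments use a 2048-bit or larger safe-prime group.
N = 2**127 - 1
g = 3

def H(*parts) -> int:
    """Length-prefixed SHA-256 over the parts, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(salt: bytes, password: str) -> int:
    """Client-side secret; never sent to or stored by the server."""
    return H(salt, password)

def register(password: str):
    """Return what the server stores: a salt and the verifier v = g^x mod N."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, password), N)

def exchange(x: int, v: int):
    """One login run. The client knows x, the server only v.
    Returns (client_key, server_key); they match only if v == g^x mod N."""
    a = secrets.randbelow(N - 2) + 1          # client ephemeral
    b = secrets.randbelow(N - 2) + 1          # server ephemeral
    A = pow(g, a, N)                          # client -> server
    B = (k * v + pow(g, b, N)) % N            # server -> client
    u = H(A, B)                               # public scrambling value
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    s_server = pow(A * pow(v, u, N) % N, b, N)
    return H(s_client), H(s_server)

salt, v = register("correct horse battery staple")  # constructed sample
good = exchange(private_x(salt, "correct horse battery staple"), v)
wrong = exchange(private_x(salt, "Tr0ub4dor&3"), v)
stolen = exchange(v, v)  # someone holding only the stored verifier
print(good[0] == good[1], wrong[0] == wrong[1], stolen[0] == stolen[1])
```

A stored verifier still allows offline guessing of weak passwords, so the salt and verifier need the same protection as any password hash. A full SRP implementation also rejects A or B values that are zero modulo N.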

    2. Steve Knox
      Paris Hilton

      Re: Having a cracking time

      > The ideal password security system would contain features that would be unknowable to, or unusable by, people to whom the security credentials did not belong.

      Given the repeated findings that people give up their own passwords under the flimsiest of pretexts, the ideal system would contain features unknown to the very people to whom the credentials do in fact belong.

      1. Charles 9

        Re: Having a cracking time

        > Given the repeated findings that people give up their own passwords under the flimsiest of pretexts, the ideal system would contain features unknown to the very people to whom the credentials do in fact belong.

        Which kind of puts you in a dead end since a credential has to be presented in order to be used as a credential. How can someone present a credential they don't even know about?

        Plus, as I've previously mentioned, who authenticates the authenticator?

  3. i like crisps
    FAIL

    You missed a bit...

    "Take a serverful of Hash, add salt, hold the rainbow AND LEAVE THE BACKDOOR OPEN SO GCHQ CAN POP ROUND FOR A CUP OF COFFEE."

    1. Anonymous Coward

      Re: You missed a bit...

      "Take a serverful of Hash, add salt, hold the rainbow AND GIVE THE KEYS TO THE NSA BECAUSE THEY ASKED FOR THEM."

  4. Anonymous Coward
    Unhappy

    'Disappointed Face'

    I thought from the title we were re-visiting the all-important subject of multinational take-away nosh...

  5. Grikath

    Damn....

    And there was me hoping this was about cake..
