> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
> On Behalf Of Josh Smift
> Sent: Thursday, September 17, 2015 4:27 PM
>
> I feel like the phrase "reusing passwords on different sites" is a little
> misleading, because the whole point here is that you don't *ever* send
> "your password" to *any* site, right?

You're still using your password, if you're authenticating with your password, even though you don't send your password. You're proving you know it, without exposing it.

> It's more like "using the same passphrase on your SSH private key for
> different sites", because the passphrase never leaves your local device.

More like "deriving the SSH private key from the password," rather than storing an SSH private key encrypted and then using the password to unlock it.

BTW, storing the strong random SSH private key with a password is stronger crypto than deriving the private key from the password, because there's presumably more entropy in the randomly generated key than there is in your password.

SSH private keys are here to stay - for anything where people are comfortable with the usage pattern that requires access to a key file or whatever. But many new authentication schemes have come and gone over the years, trying to get users to adopt some kind of key manager or carry a device. Users don't accept it. Users want to simply use their passwords. So take it as given that the regular user doesn't have a key storage device. The only secret they have is the low-to-moderate entropy password in their own brain. Let them prove they know their secret, without exposing it.

> I also think the "should be OK" phrase is confusing: I first thought that
> you meant it in the sense of "should be considered OK", as in if someone
> did this right now today given the current state of things, we should
> consider that to be OK, and not a problem. I think what you actually mean
> is "doing this is not currently OK, and we should change the state of
> things so that doing it is OK", right?

Yes. "SHOULD" be ok. Is not presently ok, except on Synctuary. Actually, I have no idea what other services out there are currently using CBCrypt. I see it's been downloaded several hundred times from nuget, and I certainly know Concept Blossom doesn't download it that many times. So are people using it? Or is it the NSA trying to figure out a backdoor? Or is it robots? I dunno, but I like to believe people are at least considering using it, if not actually using it.

> I didn't entirely understand the complaint about using asymmetric
> cryptography to solve this problem.

No complaint. Asymmetric is necessary. The only complaint would be, even if the user doesn't have a key manager or storage device of some kind, we should be transforming the password or other secret into an asymmetric key, so the user can prove they know their secret without exposing it.

> You say "CBCrypt deterministically generates a public/private keypair
> unique to each specific user, on a specific server, using a specific
> password. Any variation of any of these factors results in an entirely
> different and unrelated keypair." which makes sense, but it's not clear
> why having a separate keypair for each server is better than having a
> single keypair for all servers.

There are 3 purposes for a salt. (1) to prevent easy detection of password reuse by different users, (2) to prevent easy detection of password reuse on different servers, and (3) to force a time constraint on brute force calculations. It is desirable to generate different public keys to authenticate against different servers, and different user accounts on the same servers, because otherwise principles 1 & 2 are violated.

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/