Re: [Cfrg] Passwords - rethinked

Otto Ersek <oersek@gmail.com> Mon, 07 November 2016 14:56 UTC

Return-Path: <oersek@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16B701298BA for <cfrg@ietfa.amsl.com>; Mon, 7 Nov 2016 06:56:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rRsaSY6No903 for <cfrg@ietfa.amsl.com>; Mon, 7 Nov 2016 06:56:12 -0800 (PST)
Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com [IPv6:2a00:1450:400c:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A3FD129677 for <cfrg@irtf.org>; Mon, 7 Nov 2016 06:56:12 -0800 (PST)
Received: by mail-wm0-x231.google.com with SMTP id p190so188053698wmp.1 for <cfrg@irtf.org>; Mon, 07 Nov 2016 06:56:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=olsFaOdA1NtvtknCiifrZ7Ar1hT9hZj7D8oaWth0VoM=; b=gj+Vm/ydAko3UxnwOE5At2XhuVd60+pTLcgdjFqo5gZK3Qz7wjZChEGTGuWjFCaU/x z1YikonzfMysAb/af66MylD/IG92qn3LH+rWeqHt3bAykVUWP9dBQ/LP712Nbjt73WoQ aeoeWTPMxsWdPx+2iIFdJjFQJDJoDEAU+pycZaYldFF8EA6E0NLaADoU6qM2GvRm+8tC GNQpYS6O3oYFLqfmcY6br7mti2OLX1JZ5Gzg8aEITibCRWYBacXH5N3yBFw8mm/mYmLG 6g7mfPxnD9bXOSfJE7xkucoDTd5ayOwsL44ExluSPIvloD9Zli1LmB1nAqb5Sqg8TFGj NBhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=olsFaOdA1NtvtknCiifrZ7Ar1hT9hZj7D8oaWth0VoM=; b=XCHMZ2JSw8HlQ72W1hyovL2oS/7luQHIR3uW7aPG/lnok7PgGntgx9BfSa11g3HeSx uSraODGvGo9mzLnd/33Ugy+9t31Ii+0Tlu8ujbD6VzlhChLXtiNDePdex6xCstHAnP+N nG8cdc/yRDr1QLJRVvUaBQy6950jWJnWcwo2IJpjCm/hw5hTpWGIqpoA7+MoY/uM7Xb/ fWCnNrO1SchjmWz3LzQMGxfAdOfz/InN+8ykhqu24d1tfWr8m8OJS8RiJhVnqPXL+bQ/ JMbAcxGDCLkCSX9ZqNdfonDwRVvavdgAwU4yqnKt80h/ONATd4HgpFwBWdjHI4R5N2Tm G//Q==
X-Gm-Message-State: ABUngvc2QOcGBuia55zBhgX8b2Xh89t0e2KyrX8xvgqj4brpFL3zH9zSO0Dn8zr57BhquQ==
X-Received: by 10.28.67.69 with SMTP id q66mr4093117wma.22.1478530570245; Mon, 07 Nov 2016 06:56:10 -0800 (PST)
Received: from [192.168.0.102] (91.141.3.227.wireless.dyn.drei.com. [91.141.3.227]) by smtp.gmail.com with ESMTPSA id f4sm13977608wmd.15.2016.11.07.06.56.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Nov 2016 06:56:09 -0800 (PST)
To: Yoav Nir <ynir.ietf@gmail.com>
References: <7c00f6cb-5b95-e042-5c39-fa1d2348a1c7@gmail.com> <4ACEEE20-0914-4F91-B79D-BEC78621D3C5@gmail.com>
From: Otto Ersek <oersek@gmail.com>
Message-ID: <bca5921b-8391-d722-5b42-6910b276cfad@gmail.com>
Date: Mon, 7 Nov 2016 15:56:08 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <4ACEEE20-0914-4F91-B79D-BEC78621D3C5@gmail.com>
Content-Type: multipart/alternative; boundary="------------03720B08D49FE2E9801DBE02"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/76fdTd8eX5SRMRiKMeFnJ7thwwo>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Passwords - rethinked
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Nov 2016 14:56:15 -0000

Dear Yoav,

1. That's correct, it takes definitely longer, my wife was using "1982" 
as password now at least she has to "hide" it in the textfile (I changed 
1982 as well :-) )

2. The idea was to combine it with a password manager (unlock it using 
the secure pass)

3. And one should be able to submit the source text to the other end. 
Meaning send your source text to the admin to use it for your 
authentication procedure.

My sister (studying psychology) will conduct some research on this. 4 
different text files (a) famous quotes, b) short story, c) random data,  
d) foreign language text) to see if there will be collisions.

Your points are all valid,.. the idea was to provide means to 
additionally strengthen "weak" password by providing "more" ways for 
"input".
(Your example is great using a) changing capitalization and b) appending 
123, but even this weak modification is a hell of a brute forcing job)

No way remembering 15 different texts and the modifications that's 
clear, but I remembering 15 base95 passwords is not possible either,...

Thanx a lot for your feedback, I really appreciate it!
with kind regards

Otto


On 11/07/2016 01:43 PM, Yoav Nir wrote:
> Hi, Otto
>
> Just imagining using this, I can see two downsides:
>
> 1. I can type my password is under a second. Editing this text field 
> will take me a while (30 seconds?  Probably can get it down a bit)
>
> 2. If each website, SSH server and FTP server that I connect to 
> presents me with a different text (depending on the administrator’s 
> preference for Tolkien, Conan-Doyle or Roddenberry) it becomes harder 
> to remember how I edited each one.  So I end up with something like 
> flipping the capitalization of the first word, and adding “123” before 
> the last word:
>
> ####################################################################
> nEXT morning, after breakfast, we found Inspector MacDonald and White
> Mason seated in close consultation in the small parlour of the local
> police sergeant. On the table in front of them were piled a number of
> letters and telegrams, which they were carefully sorting and
> docketing. Three had been placed on one side.
>
> "Still on the track of the elusive bicyclist?" Holmes asked
> cheerfully. "What is the latest news of the 123ruffian?"
> ####################################################################
>
> How original am I?  Probably as original as all those people with 
> password “Passwd123” and slightly less than the l33t haxxors who 
> choose “pa55wd123”.  I’m guessing there will be a (relatively) small 
> number of transformations everyone will use and so the dictionary 
> attack does not go away.
>
> All this is idle speculation, though.  This requires an experiment 
> with real people (preferably not all of them college-age) to test that:
>  1. They’re willing to use this even without promising the $100 every 
> time they succeed.
>  2. They can perform the task within a reasonable time.
>  3. They can perform the task even when they have 20 different sites 
> with 15 different texts.
>  4. They can perform the task after not having used the site for a week.
>  5. There is enough entropy in the transformations that they come up with.
>
> A lot of authentication methods fail on usability. I suspect this one 
> might.
>
> Yoav
>
>> On 1 Nov 2016, at 7:58, Otto Ersek <oersek@gmail.com 
>> <mailto:oersek@gmail.com>> wrote:
>>
>> For 50 years we were using passwords and have built up paradigms to 
>> end up with something like this: JW=?mt%3D5z!.*zNpC as a standard 
>> password.
>>
>> First of all the good news, we don't need a long "password" to 
>> authenticate 4 base64 characters will do the job.
>> But this is not secure enough, to use the standard way.
>> Therefore let us completely change the way we submit a password.
>> And most importantly let us do the whole procedure in a human way
>>
>> The idea/concept is as follows:
>>
>> INSTEAD of a blinking login prompt sitting there and waiting 
>> desperately for a user password -> JW=?mt%3D5z!.*zNpC
>> let us present the user a simple text edit field with a short story 
>> in it, which can be any text, no need to keep that secret, everybody 
>> might even use the same!
>>
>> For example:
>> Kindly borrowed from the project Gutenberg.
>> Arthur Conan Doyle, THE COMPLETE SHERLOCK HOLMES, The valley of fear, 
>> The Solution
>>
>> Original text as it could appear to the user:
>> ####################################################################
>> Next morning, after breakfast, we found Inspector MacDonald and White
>> Mason seated in close consultation in the small parlour of the local
>> police sergeant. On the table in front of them were piled a number of
>> letters and telegrams, which they were carefully sorting and
>> docketing. Three had been placed on one side.
>>
>> "Still on the track of the elusive bicyclist?" Holmes asked
>> cheerfully. "What is the latest news of the ruffian?"
>> ####################################################################
>>
>> But how can a 100 years old text help authenticating today?
>>
>> What if we change the above text “slightly” to the following (sorry 
>> Dr. Watson!):
>> ####################################################################
>> Next morning, after breakfast, we found Inspector McDonald and White
>> Mason seated in close consultation in the small parlour of the local
>> police sergeant. On the stable in front of them were piled a number of
>> letters and emails, which they were carefully sorting and
>> docketing. Three had been placed on one side.
>>
>> "Still on the track of the eXClusive bicyclist?" Holmes asked
>> cheerfully. "What is the latest news of the ruffian?"
>> ####################################################################
>>
>> Sha512 of the "original version" is
>> 686027BE2595FF6BB7B7E0737D40B552753424D30D7B06CFA617165C022E256D
>>
>> Sha512 of the "modified version" is
>> C958DA6B2BC84AD4DEEE453E8654C94502A5F66E9B4E353937F9663A1A22CF04
>>
>> Well and that's it! Use the hash as an auth string,...
>>
>> PROPOSAL:
>> To achieve an estimated 36bits of security per round choose an 
>> arbitrary starting text of at least 1024 characters.
>> Copy some selected text and paste it somewhere into the text PLUS 
>> type before or after pasting some character from A-Z,a-z,0-9 (Yeah!!! 
>> No special characters needed! But if you really insist on using them 
>> go ahead)
>> Repeat 3 times. So in total 36bits x 4rounds = 144bits
>>
>> As long as we keep the changes made to the original text secure and 
>> follow the given proposal we should get a security level > 128bits, 
>> which is considered "secure" by today's standards.
>>
>> Summary:
>> 1) We still need some "password" but 4 characters should be 
>> sufficient. Further we need to remember the copy & paste sections. In 
>> total 4 + 4*3 = 16items to remember, but we have the original text in 
>> front of us as a visual guidance while doing our changes.
>> 2) The way we provide passwords has changed, not a blank field but a 
>> story is presented to us for us to make deliberate and memorable 
>> typos in it
>> 3) This should be easier to remember than the following 
>> funny-random-senseless ................... 24 character and 22 
>> character long strings:
>>
>> JWmt3DEz4VYEwQOhRKzyiWmA
>> ZF7IwsBlxGwwnvMLjpSMy9f3
>>
>> or slightly "shorter":
>>
>> }cM3MdgP'=\els6toBvTo[
>> u]o{^`>Mimn o_wlS}'.Ie
>>
>> For optional top notch security one may pick: arthur conan doyle, 
>> append shakespeare twice, append lord of the rings, append 
>> whatever,... but don't infringe copyright, only use books/texts you 
>> own! Then ask the user to authenticate in that file, and ask for more 
>> than 4 rounds,... but this is most likely overkill :-)
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org <mailto:Cfrg@irtf.org>
>> https://www.irtf.org/mailman/listinfo/cfrg
>