[Mathmesh] Alternative approaches to Web passwords
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 19 November 2019 02:38 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: mathmesh@ietfa.amsl.com
Delivered-To: mathmesh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70DA6120BBB for <mathmesh@ietfa.amsl.com>; Mon, 18 Nov 2019 18:38:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.406
X-Spam-Level:
X-Spam-Status: No, score=-1.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.244, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ix9aBAHk0zdS for <mathmesh@ietfa.amsl.com>; Mon, 18 Nov 2019 18:38:20 -0800 (PST)
Received: from mail-oi1-f196.google.com (mail-oi1-f196.google.com [209.85.167.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F974120800 for <mathmesh@ietf.org>; Mon, 18 Nov 2019 18:38:20 -0800 (PST)
Received: by mail-oi1-f196.google.com with SMTP id n16so17473921oig.2 for <mathmesh@ietf.org>; Mon, 18 Nov 2019 18:38:20 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=AvIyTsBn1JLF2W3+2q2S3+7hPxzG2dbjM9mNj7wLYcc=; b=Rz8MoOc4UFQHY2ycikD5/PN/YvYcSmAdYXhxYzLdMke1aAxqAetN7/1Rppp10/tzRq 2/3llx2/Gu8pQs9W3hT8rvMfNJ14pFkB5yuOMfWIbnX1AD2QJzXLQtiaveHc+hzmr0UA Nt8dXOEEAMNsBMcKd9V1kFCkxNgJP8j8PwTYIHXW17lnLPkoVK97C4baEb6i3U0ISImn joJcPYZUEb8G36GmkHCxTUd7PkDxIdBCEZItiU4RM8ofrjRsN6Ftk5AoFDsZ2KLZFe1h /Qx1Ta0xsBMn+U+iTptvUpTe0GPD1neUGpdtz9/bair0gDgHIW4bNGdo0dQxRiBkQDOT zvqA==
X-Gm-Message-State: APjAAAUCkGz3KHs2zDVkSryMR2gNoNMoFmLEvZNMExdzQCM6y02+S6Av ZCNHp/iRpxIceJhou0lrezI+N1vKEgBYKyyKNvaG9rDxWlc=
X-Google-Smtp-Source: APXvYqzABRQF4o0IhWuiGuwZse1NuugCZ8VPwkHbRWyA7evNMmLcL156oPSWtK5TwMmpJXQjqQLiPWR3iOUrVsz5Yh8=
X-Received: by 2002:aca:1a03:: with SMTP id a3mr1976430oia.58.1574131098846; Mon, 18 Nov 2019 18:38:18 -0800 (PST)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 19 Nov 2019 10:38:06 +0800
Message-ID: <CAMm+LwhaxoWqONv6neYYzf+7=R3hkbuTwR52y9kz57WG==U+Vg@mail.gmail.com>
To: mathmesh@ietf.org
Content-Type: multipart/alternative; boundary="000000000000fa09c00597a9f4ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mathmesh/-diOh8AX4CWJ53qQ61g7oG7Nt3M>
Subject: [Mathmesh] Alternative approaches to Web passwords
X-BeenThere: mathmesh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <mathmesh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mathmesh>, <mailto:mathmesh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mathmesh/>
List-Post: <mailto:mathmesh@ietf.org>
List-Help: <mailto:mathmesh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mathmesh>, <mailto:mathmesh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2019 02:38:21 -0000
1) The Mesh Password Manager is not intended to be limited to the Web Browser application and that is probably not the early adopter area. 2) Early adopter might well be SSH key management + functional passwords for scripting etc. That said, I began thinking through the issues of Web password security in isolation last night and I think there is actually another approach that doesn't involve the Mesh infrastructure that is a really low hanging fruit. The core problem of Web passwords is that users have too many of them. 250 in my case (I just checked). So of course they are often repeated, that is inevitable. And they are also horribly weak. So my idea is a combination of HTTP Digest auth and the ideas in Russ Housley's draft on Quantum security hardening of CMS. Each user has at least one password salt that is generated with a decent amount of randomness. It might look like this: NCE2-VJXS-X5AR-BVRI-73HO-POOA-STAA This is short enough to be typed in by the user when they change machines. It is not quite a password though. It is a salt that we are going to add in to every password the user enters. So now we change the password dialogue so that when the user enters a password in a particular form, a KDF with the supplied password as the IKM, salted with the user nonce and then salted with the host domain is used. So Alice goes to example.com, enters #password into the password box. The # is recognized as meaning 'use the KDF scheme' We then calculate the PRK: PRK = KDF1('password'.UTF8(), 'NCE2-VJXS-X5AR-BVRI-73HO-POOA-STAA'.UDFData()); The password used is: Password = Passwordify ( KDF2(PRK, 'example.com'.UTF8()); Where 'Passwordify' is a function that ensures the generated password meets a generic profile (e.g. 16 chars, at least one upper, lower and symbol character) This approach is essentially password hardening for transport. There is abundant prior art. This approach can be used in combination with traditional password managers but we now store the scope across which the password is used and the constraints on the password generation profile rather than the password itself. What I like about this approach is that it allows me to divide my passwords into two buckets, the ones that protect my assets and the ones that don't. I make absolutely no apologies for not wasting my brain space remembering a password for anyone else's benefit. So NYT, the password I enter might be #, same for WaPo, etc. etc. But for Fidelity it would probably be #mysecret which is giving an additional bit of security above and beyond the embedded secret. The main limitation of this approach is that it makes password sharing between users very very hard. Which is quite possible a feature rather than a bug.
- [Mathmesh] Alternative approaches to Web passwords Phillip Hallam-Baker
- Re: [Mathmesh] Alternative approaches to Web pass… Michael Richardson