MSE guide discussion - 60 seconds on password managers

securityguy

Fightsback wrote: »

For now, until quantum computers. :eek:

Quantum computers destroy our current public key systems, so we lose RSA and DH: both integer factorisation and discrete logs fall to Shor's algorithm.

However, it's not at all clear that it present a serious risk to symmetric crypto and hashes. It's strongly conjectured that it basically reduces a problem's complexity to its square root, or halves the number of bits. So a pre-image attack on 256 bit hashes is a 128 bit problem on a quantum computer. However, (a) 128 bit hashes aren't breakable other than by flaws in the algorithms and (b) it's unlikely that quantum computers will be as fast, in operations per second, as conventional machines, so the speed up won't be as great as at first appears.

We have 256 bit crypto, and 256 bit hashes, to provide a safety margin against flaws in the algorithms, but if we could be sure there were no such flaws, 128 bits would be fine (demonstrable with arguments on energy per operation, not current technology). QC reduces 256 bits to 128 bits, so we lose that safety margin. Moving to 512 bit hashes (which we already have) and 512 bit crypto (which we could trivially construct using triple-AES) would defend against QC assuming both flaws in the algorithms _and_ quantum computers as fast as conventional machines.

The public key stuff, however, is a horse of a different colour. That is decidedly nasty, post-quantum.

Code

Sorry but there is terrible advice in lots of this thread, and in the article. I'm on my phone right now so i can't write a full response, will try to do so later.

However in short:

Reusing passwords ANYWHERE is terrible advice
Using massively complex passwords you can't remember and requiring you to write them down is terrible advice
Using password managers installed on the device you're using is terrible advice
Using password managers at all is not great advice
Relying on the security of hashes (sha1 style) is poor advice

Fundamental fact: it does not matter how well your data (passwords or whatever) is encrypted, a) the decrypt key must be accessible and b) the data must be decrypted before use.

Therefore the best advice is simply this:
Use sentences as passwords, they are easy to remember, don't require writing down and are as secure as anything rise

Don't reuse passwords ANYWHERE, unless you truly don't care about whatever those passwords protect

And most importantly:
Make sure your endpoint (computer) is secure, because without that it won't matter how good your password is, if your endpoint is compromised then you have no security.

I'm sure there will now be a run of people looking to tell me I'm wrong, but there you go.

securityguy

"Reusing passwords ANYWHERE is terrible advice"

"Use sentences as passwords, they are easy to remember,"

I have 499 accounts, each with a different password. I think "easy to remember" is somewhat relative.

The entropy in the much-vaunted "first letter of words in sentences" strategy is about four bits per word, at best, so a ten word sentence yields a password whose hash is crackable in less than a second. I would take some convincing many people using this strategy are even at ten words.

"Using password managers installed on the device you're using is terrible advice"

And yet recommended, as part of a risk management strategy, by both CESG and by ISO 27002:2013.

https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

Two Factor is better, and password vaults certainly aren't a panacea. There are various projects to build specialised hardware for password vaults, but there are both practical and theoretical problems with doing it. Endpoint security is a major issue, as you say.

But personally, I would argue a well-implemened password vault on hardware I control is preferable to any of the other proposals for dealing with passwords. Passwords are over, in the sense that all the solutions are weak, but right now "bad guys steal the hashes from sites you use and brute force them" appears a much bigger risk than "bad guys steal plaintext from your device".

But your advice is somewhat circular, because if you "Make sure your endpoint (computer) is secure," then password storage on it is an acceptable risk, and if it isn't secure, then nothing can help you as keyloggers get you every time.

securityguy

Here is the current National Cyber Security Centre, previously (bits of) CESG and GCHQ, advice on passwords:

https://www.ncsc.gov.uk/guidance/helping-end-users-manage-their-passwords

It's hard to argue with this (my emphasis):

"Password managers (like any other piece of software) may be compromised, so consider the risks. Tell users that they should not store critical credentials (such as the details for administrator accounts) in password management software. Allowing users to store most of their (less important) passwords gives them greater capacity to remember the critical ones. "

esuhl

I store all my "important" passwords in a plain text file, which is stored in an encrypted VeraCrypt volume. Every password is different.

I avoid copying/pasting passwords to avoid having sensitive information stored in the clipboard.

Then there are less-important passwords (like the one for MSE) that are still unique, but easy to remember.

Code wrote: »

Reusing passwords ANYWHERE is terrible advice

Rubbish! There are so many sites that require you to sign up for an account when you don't really want one.

All sorts of random forums you're only going to visit a few times, Youtube (to see age restricted videos), online TV catchup sites, test accounts where you want to sign up with fake details just to have a look around.

I try to use the same username and password for all of them. And I use unique "disposable" email addresses to register. I'd almost be happy to publicly post the username and password, aside from the fact that someone would change the password and I'd have to set up another account.

Code

All the suggestions along the lines of "I store my passwords in X which is encrypted by Y" lead back to the same problem. You have gone to the trouble of setting up individual credentials on multiple services, and then basically negated it by storing them all in one place protected by a single mechanism.

This is the absolute opposite of defense in depth - a key tenet.

Using password managers relies completely upon the security of the application, and the security of the device the manager is installed on. Let's also assume that the encrypted password database is uploaded to a cloud service so it works on all your devices (a la lastpass). And finally let's agree that the passwords stored in the manager database must be decrypted before use, and the manager can auto-fill forms on a site (again, a la lastpass).

In that simple but accurate scenario, you are massively increasing your threat surface. You are now exposed to insider threats, malware across multiple platforms and devices, and more. A couple of simple examples:

• Local attacks by malware (e.g.: atombombing or other attacks) can trick password managers into disclosing passwords in the database.
  
• Insder threat in the password manager code (not a theoretical threat, look at Sage, or the last version of Truecrypt, or the Juniper firewall code issue) creates a backdoor to data

All of these manifest purely because you've consolidated all your risk into one place. Without a password manager, you might still be at risk of malware, but that malware cannot get at all your passwords if they're not there. Without a password manager, you are reducing your threat surface.


securityguy: I doubt you have 499 critical accounts. You probably have maybe 20 important ones - online banking, hosting, email etc. The rest will be protecting data at a low classification. And, as I said before, my comments were aimed at data you feel is confidential, not data you don't care about. I don't really want to get into a data classification discussion!

A well implemented vault on hardware you control may well be an acceptable solution, but clearly you also have a level of tech expertise to ensure your endpoint is secure. The majority of people don't.

My argument isn't circular, because the security of the endpoint is independent of the security of some data vault. Just because your endpoint is secure "today", doesn't mean there won't be a vulnerability tomorrow. By simply not using a password manager, you're reducing the risk should a vulnerability manifest. This is straight forward risk management planning.


esuhi: same comment as above. I explicitly said my comments were not aimed at data you don't care about. Sure, use password managers for watching youtube videos, because it doesn't matter. But if you use your youtube account for revenue generation, I wouldn't trust it.



The CESG advice is quite literally that - general advice for the public. I don't know how familiar you are with government systems, but I can guarantee you that you can't use password managers to store credentials for protectively marked systems. They don't feel their advice is actually secure for secure government systems. Make of that what you will.

Fundamentally I know that most people will come up with all sorts of pseudo-tech arguments about salted hashes and entropy to explain why I'm wrong and password managers are fine, and I won't convince anyone otherwise.

However if one person reads this thread and thinks "maybe I shouldn't consolidate all my risk into one little piece of software", then that's good enough for me.

I shall leave you with this image (https://xkcd.com/936/)

esuhl

Code wrote: »

All the suggestions along the lines of "I store my passwords in X which is encrypted by Y" lead back to the same problem. You have gone to the trouble of setting up individual credentials on multiple services, and then basically negated it by storing them all in one place protected by a single mechanism.

Sure, but what's the alternative?! You really think you can memorise hundreds of unique passwords without recording them in any single place?

As above, my passwords are encrypted in a VeraCrypt container. I believe that to be extremely secure. The only copies exist on my PC and backup drives -- there is no cloud synchronisation, etc.

By using a simple text editor, I can be fairly confident that it can't be hacked to upload file contents (e.g. unlike MS Word, which could, in theory, run malicious scripts).

Your method (of memorising hundreds of unique passwords) means that inevitably you will forget them frequently. Then you will need to request password resets, which put you at a greater risk of having your new details intercepted.

S0litaire

Why bother with annoying, tedious, long passwords

Biometric based password/security... Built in iris& fingerprint scanner on every device!!

Problem solved…
Lol ^__~

Code

esuhl wrote: »

Sure, but what's the alternative?! You really think you can memorise hundreds of unique passwords without recording them in any single place? .... Your method (of memorising hundreds of unique passwords)....

No, I don't, but that's explicitly not what I'm saying. As above, you probably only have about 20 truly critical credentials - banking, investments, primary email etc.

An alternative is to store a reminder for those. For example, if your password is (like the image) "horse battery staple", you could store "charge in the saddle" and that would be enough of a reminder without making it possible to extrapolate the actual password if someone got hold of the data.

Data classification best practice is that you focus on the truly important, not on everything.

esuhl wrote: »

As above, my passwords are encrypted in a VeraCrypt container. I believe that to be extremely secure. The only copies exist on my PC and backup drives -- there is no cloud synchronisation, etc.

I'm sure Veracrypt is fine as far as we currently know, but I'm also sure people using Truecrypt felt exactly the same way:
http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/

Can I ask you to upload a copy of your container (with all your credentials) to dropbox and post a link to it here? You're happy it's secure and always will be, right?

And, leading back to your "hundreds of passwords" point - if the only copies of your container are on your PC, how do you remember credentials when you're not at home? Possibly, I assume, because you only have a small number of regularly used, important ones that you can remember.

Anyway, to the original question on the MSE article - I really think the article should be rewritten and the advice should be changed. At the very least it needs to point out that if you are insistent on using password managers, you have to be absolutely and completely certain that your endpoint is secure and remains so. The advice as it stands actually increases risk, not reduces it.

In light of that, stats like these are scary:
"Testing business users’ ability to detect online scams, the McAfee Phishing Quiz uncovered that 80% of its participants failed to detect at least one of seven phishing emails"
http://www.mcafee.com/uk/about/news/2014/q3/20140904-01.aspx

esuhl

Code wrote: »

Can I ask you to upload a copy of your container (with all your credentials) to dropbox and post a link to it here? You're happy it's secure and always will be, right?

Don't be silly. Obviously, part of the reason I consider it secure is that I don't make it available to others via the internet.