The content of this blog is my personal opinion only. Although I am an employee - currently of Imagination Technologies's MIPS group, in the past of other companies such as Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Friday, June 08, 2012

The trouble with passwords

Security breakins leading to password exposure have been in the news this week, what with LinkedIn.

My last blog, about how biometrics are only a partial solution, was prompted by this. Actually, prompted by a National Public radio item on the LinkedIn breakin.

Security is getting mindshare when it hits NPR.

LastPass makes me feel a bit complacent, since I now have big different random passwords on nearly all of my sites, and, supposedly, LastPass never actually holds the unencrypted passwords. Supposedly the passwords are encrypted before being sent to LastPass.  So, a breakin at LastPass should NOT lead to password leakage, unless the crypto is poor.  (On the other hand, LinkedIn apparently encrypted its passwords, but did not salt them - so their crypto WAS poor.)

(Actually, I must admit: I only recently started using LastPass. All of my newer sites used LastPass, but I still had some old passwords that were pre-LastPass, human memoragble and therefore weaker.  None of the them were the same as my LinkedIn password, but I changed them anyway. I hope I changed them all... It's quite a challenge to scan your password list looking for weak passwords, given the interfaces. That is something I'd like automated - but then again, so would the bad guys.)

If LastPass' crypto is not broken, then the weakness for LastPass is at my end: looking at the passwords via my browser.

But, anyway...

If LastPass' security is good enough - nothing is secure, but probably it is better to look for other problems to solve - then what needs fixing more? I.e. what cloud services need improved security more urgently?

Well... LastPass supposedly doesn't access unencrypted passwords, but account aggregators like Yodlee and Mint do.   These services log into many, many, bank and other accounts, so that you can see all of your financial data in one place. Of necessity, if they do this while you are offline,
then they have access to all of the passwords.


If Yodlee or Mint are broken into, then thousands, perhaps millions, of people's financial information is exposed.

(Interestingly, the old Wesabe, a dead company in this area (now open source), was adamant about not keeping passwords - or, rather, encrypting. Decrypting passwords only at your PC. But IIRC this meant that Wesabe could only aggregate when your PC was connected. Which loses if your only PC is a laptop, often not connected overnight.)

OK, how do we address this:

* we want no single aggregator to store all of the passwords, so that they can be broken

* aggregators necessarily, given the state of the art [*], have to send passwords (albeit over SSL)

How about:
Split the passwords.
Let no single cloud service store all of the password.

Let the aggregator service be stateless wrt passwords. Let it access 2 or more password storage services, and get all parts (both halves) of the passwords needed to access the user accounts.  Access. Download. And then forget.

Breakins at any single one of the password storage services would not disclose all (encrypted) passwords.

A breakin at the aggregator would not disclose stored passwords.

But... if the aggregator was pwned, then the badguys could be intercepting the passwords on the fly.


We can get ornate, and imagine websites "calling back":

* aggregator  tells PWstore1 and PWstore2 that it is about to access website W
* aggregator accesses website W
* website W calls PWstore1 and PWstore2 to check


Plus, of course, generic challenge/response instead of entering passwords into boxes.


Passwords would need to get longer so that the split passwords are not so vulnerable.


There's probably some fatal flaw in what I propose above. Embarassing.  But I no longer care to remain silent and avoid embarassment.

No comments: