Instead of requiring user to type in all 3 of PIN, Keyword and Password, have them type only one secure pass-phrase and derive the required credentials internally.
Was there an RFC for this that I missed? Any discussion on how this is architectured?
Edit: review here
I am glad to see this. While a second factor is nice, it is useless if it doesn’t come from a separate place anyways. I think those that want to leverage 2fa can use their favorite password manager. 2fa setups are not standard enough to bury in the core or the launcher anyways.
Also, I at first questioned whether a chopped up SHA 512 hash is a legit KDF. I saw http://crypto.stackexchange.com/questions/27607/sha512-vs-hkdf-key-expansion and read some other things which gives me more comfort.
The downside of combining these things is that you now have only a single item which can be poorly chosen by the user, making the guess of all three items more trivial than if they were separate. But we can’t always save users from themselves. Just worth knowing that someone whose password is guessed as
hunter2 now means all of the secrets can be obtained instead of separately.
No, but there will have to be. Right now it’s a usability verses security feature. So we are looking at deriving three credentials from one given secure one. Large discussions over this one. We are implementing a strength meter for the given password. We will test this and check if the strength required is too high to split it we will use 2 entries. It will need a full security audit of course as splitting even after hash is not guaranteed to provide two sources of good entropy (which we need).
So this one will see some lengthy debate and we hope much of that in the forums
I still really like RFC Possibility SQRL
You could use zxcvbn from Dropbox : https://github.com/dropbox/zxcvbn
There goes having multiple accounts and just use the same pass phrase when switching between them. Effectively having 3 (or whatever) accounts for different aspects of ones life without having to remember 3 passphrases. 3 PINs might be easier to remember eg nnn1 nnn2 nnn3
There goes having two accounts, one real and one “dummy” that can be given to the authorities when threat of “beatings/jail time” is given. We had talked about just having the pin different so that you can even under lie detector give very plausible credentials yet they only get access to an account with ordinary contents and little/no coin. Giving an alternative PIN was going to be the easy way to “fool” the authorities/thieves
But if only have the pass phrase then much harder to do this. If your passphrase is
"word1 word2 word3 word4" and then you tack on an identifier for your account to distinguish between the accounts then this would likely be obvious to an authority/thief. To make the distinguishing feature of the passphrase not obvious then its likely to be harder to use then simply having the name/pin/pass
Think this may be OK though so if your passphrase is
You can still mirror with
Which is similar. However (a big however), in playing around with “john the ripper” and various crackers then knowing part of a phrase is a massive win in cracking. So back to your point this cracker thing can potentially still crack your pass, whether 3 or 1 input. To alleviate this we keep providing data wen folks ask and it’s heavily encrypted. In this scheme then even crackers wit custom scripts will have issues. However it is still possible?
You can be forced to give up a bit of a phrase (like pin or above), so the mirror account should be radically different (then you are OK).
Not easy but you may still be able to recover your passowrd using a custom script for a cracker, I have a notion we should actually supply such a tool as part of SAFE toolset. To if you remember its "%david$%XX but are not sure of the XX you may be able (with still a lot of effort) to recover from this. An idea anyway. It gets the point over mind you I think.
However, as I said this part should get a ton of scrutiny for sure and I am glad we are looking deeper at user experience and maintaining very high levels of security where we can. It should be simple to be SAFE and hard to be unsafe in my opinion, if we can achieve usability and security then we should be great.
But can we
Yea, the bummer was really relating to the convenience and visual cues aiding memory
Yes, in looking at this sort of thing it became obvious that finding your account would actually take a lot longer than if cracking a PC password for instance.
The network has to “retrieve” your account info (fake if error) and this time limits the maximum passphrase testing that can be done. For instance at average 333mSec account retrieval time then max of 3 tries per second.
If “XX” is
- numbers then 100 tries max, 50 average ==> less than 33 seconds
- a-z 0-9 then 1296 tries max ==> around 400 seconds max
- a-z A-Z 0-9 then 3844 tries max ==> around 1300 seconds max
- and so on
So for 2 & 3 known positions its plausible but as the unknowns increase it becomes a nightmare.
BUT yes, giving the cracking tools as part of a package for all is a good thing because crackers have them anyhow so no help for them, but a lot of help for interested users out there. Also if the passphrase is resistant to cracking then its good to give it real testing by as many as possible and the tools would help.