Slashdot Mirror
Storing Your Encrypted Passwords Offline On a Dedicated Device
An anonymous reader writes "The Hackaday writer Mathieu Stephan (alias limpkin) has just launched a new open source/hardware project together with the Hackaday community. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating long and complex random passwords for the different websites people use daily. It consists of a main device where users' credentials are encrypted, and a PIN locked smartcard containing the encryption key. Simply visit a website and the device will ask for confirmation to enter your credentials when you need to login. All development steps will be documented and all resources available for review."
US Military pretty much does this with their Common Access Cards (CAC). It doubles as our government ID card and stores certificates that are used to identify individuals on government sites. I like that system as it allows me to remember a simple master password (a PIN) and the passwords are stored somewhere secure.
Not sure how useful this system would be if people continue to use passwords like 'password.' Combining this with KeePass or something similar would be nice.
How does this differ from using KeePass and keeping the password safe on Dropbox?
It's not offline.
This really is some guy just using a system he thinks is less likely to be compromised. Well, that's what everyone else does too.
http://lkml.org/lkml/2005/8/20/95
yet, still lacks in reliability
rewriting history since 2109
I store my passwords on a piece of paper. Works fine for me.
-- Cheers!
... in a keepassx database with a strong but easy to remember master password. In general if you believe an encryption is good enough you could put your password db in a public area, but usually the weakest link is the computer from where you decrypt it, that is usually online exposed in a way or another to malware that could try to intercept that key.
The passwords are to be AES128 encrypted on the smart card. There is no password server.
If we seriously wanted to know if it was necessary and sufficient, I'd suggest we ask Whitfield Diffie, who is a nice man and would probably answer...
davecb@spamcop.net
And something else you have?
What's the point of introducing a PIN-locked smart card? The PIN is what matters in this case, since both the device and the card need to be kept together anyway. All adding complexity does here is create an easier way to lose access to your credentials.
Why not handle it like OS X's Keychain, where your passphrase unlocks the encrypted secret... while the secret and the data store are on the same device?
#DeleteChrome
1) The NSA can get the statistical wisdom from huge PW leaks posted by skiddies who dumped an SQL DB -- Or from those DBs themselves by deploying a single zero day vulnerability against the service.
2) Salted hashes are impervious to rainbow tables.
generating long and complex random passwords
The NSA has been very helpful with solutions.
I think the idea is that a keylogger is already installed on your phone when you buy it. Because the free parts of Android's userspace are Apache licensed, not copylefted, the carrier isn't obligated to provide complete corresponding source code along with the phone to ensure that your handset doesn't already have covert snooping software to comply with CALEA and its sequels.
.....gives me that already
I've removed the processor and storage drive from my computer, thus rendering it 100% secure.
I store all the most sensitive data in my brain, where my faulty memory provides the necessary encryption.
You are welcome on my lawn.
I've been wanting to do this for quite some time with an old Android phone. It provides a touch-screen interface. Many include a MicroSD meaning you can add software/updates to it without ever networking it. Kernel source is available for many, so you can build with the Linux HID Gadget driver to make it behave like a keyboard. Plus, people have the devices sitting around idle.
If your ciphertext must be stored in such a fashion, why bother? Properly encrypted data should be able to fall into the hands of an attacker, that's the whole point.
Because you want to avoid trusting the computer on which you are entering the password to also handle decryption duties. You do want the encrypted data to be useless without the key; but if you are planning on decrypting the data yourself, your key is going to be living in some computer's memory, at least briefly. If you are using a suitably compromised computer, it won't be a private key for long.
Actually, it doesn't fulfil all the requirements.
You walk into a net cafe and want to log into random site you don't care much about password of. Will you plug in your stick and enter your encryption password, thus allowing the theft of all your passwords?
Having a device which masquerades as a USB keyboard addresses this use case.
I store the secret questions & answers in my KeePass file, and I make sure to use suitably different answers from the questions being asked, so there's no correlation between the two...they're like additional passwords.
Give a hand, not a hand-out.
Douglas Adams, right again.
"It was an Ident-i-Eeze, and was a very naughty and silly thing for Harl to have lying around in his wallet, though it was perfectly understandable. There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant --- a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.
Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all- purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense. "
-Mostly Harmless, 1992
i could live a little longer in this prison
"Storing Your Encrypted Passwords Offline On a Dedicated Device" = stick them in a USB stick in your pocket. My solution fulfills all of the requirements the easiest, the cheapest, and the most reliably.
Write them in a holy book, the G-Dless politicians would never think(if they ever knew how) to look there.
The mind conceives, the body achieves, the spirit manifests.
... in a keepassx database
Keep-ass-X? I guess that's one place to store them, but it doesn't strike me as terribly hygienic. Mind you it should be safe from shoulder-surfing, unless you're in the shower and bend over for the soap.
OpenID enabled websites offer you the opportunity to go further: send no password at all over the network.
OpenID relies on an Identity Provider (IdP) to validate your identity. You can set up your own IdP, and if you have a PKCS11 compliant smart card, your web browser can use it to perform client certificate authentication to the IdP using the certificate and private key stored in the smart card.
Just use Keepass or a text editor in a trusted AppVM, plus the secured copy+paste in Qubes OS.
I doubt any remote attacker could take your passwords then.
Am I the only one terrified that if something happens to my one "dedicated device", I'm screwed? The reason I keep my encrypted passwords in the cloud is that the service provides have redundancy. I'm seriously fucked if I lose access to my data store. How could anyone possibly sleep in peace knowing that their entire lives revolve around the safekeeping of one fallible hardware device??
That is why I don't store any passwords anywhere. I have 3 master passwords each in order of trustworthiness and then generate the passwords using supergenpass. As a result each website has their own unique passwords of reasonable complexity. The only issue I have is with system authentication, but that is a different password altogether.
Mind you it should be safe from shoulder-surfing, unless you're in the shower and bend over for the soap.
Even still, I would expect them to stop at the wrist or elbow.
(name withheld by request)
I've just developed my own algorithm for generating passwords that is based on the specific site and other info. I only have to remember the algorithm to refigure the password instead of memorizing passwords. This allows me long, complex, and unique passwords for every site, without having to store any of them anywhere. Some systems have required password changes at certain time intervals, so be sure to include that into your password generation too. I recommend this process to everyone. (Then again I am a physicist :/)
This.
When all your online access depends on it, you can't have enough redundancy.
Security isn't just about secrecy. It's also about being safe from loss.
Which is exactly why I created Master Password (algorithm/app): The theory is that all your passwords should be stateless, not rely on any form of storage at all, be long to be secure against brute-force attacks, be irreversible, and even if you lose everything you own tomorrow, be recreatable purely from your own knowledge.
``OK, so ten out of ten for style, but minus several million for good thinking, yeah?''
Why does the world insist on using passwords when we have RSA?
If it ain't broke, don't fix it.