Worries Arise About Security of New WebAuthn Protocol

An anonymous reader writes: "A team of security researchers has raised the alarm about some cryptography-related issues with the newly released WebAuthn passwordless authentication protocol," reports ZDNet. "The new WebAuthn protocol will allow users of a device -- such as a computer or a smartphone -- to authenticate on a website using a USB security key, a biometric solution, or his computer or smartphone's password." But researchers say that because WebAuthn uses weak algorithms for the operations of registering a new device, they can pull off some attacks against it.

"If converted into a practical exploit, the ECDAA attacks discussed in the article would allow attackers to steal the key from a [server's] TPM, which would allow attackers to effectively clone the user's hardware security token remotely," Arciszewski, one of the researchers, told ZDNet. "The scenarios that follow depend on how much trust was placed into the hardware security token," he added. "At minimum, I imagine it would enable 2FA bypasses and re-enable phishing attacks. However, if companies elected to use hardware security tokens to obviate passwords, it would allow direct user impersonation by attackers." Attacks aren't practical, and experts say the root cause relies in badly written documentation that may fool some implementers into supporting the old algorithms instead of newer and more solid ones. The FIDO Alliance was notified and has started work on updating its docs so it won't look like it's recommending ECDAA or RSASSA-PKCS1-v1_5. "PKCS1v1.5 is bad. The exploits are almost old enough to legally drink alcohol in the United States," Arciszewski said.

Re:Question for you security experts

Because no actual experts were involved in making the standards.

This is the usual case when "web"-anything is involved, as evidenced by, for example, the entire works of the W3C.

Re: Question for you security experts

[Zocalo]

In part but, as with most security SNAFUs where people really should have known better, I'm also wondering how much involvement the intelligence services like the NSA, GCHQ, etc. may have had behind the scenes. It's well documented that governments have been looking to get backdoors in secure web protocols one way or another (legislation being the means du jour), and what better way to do that than with an end-run around the whole problem by compromising users' accounts and simply acquiring their login details? Sure, the researchers might be claiming that some of the attacks are not really practical for typical attackers, but the NSA etc. are not really typical attackers, and especially so since they have things like NSLs in their toolbox.

If so, it's good to see that they are *still* only paying lip service to the notion that if only $friendly_governments has knowledge of the backdoor and necessary computation resources, then it's just a matter of time before $not_so_friendly_governments, $very_unfriendly_governments, $cyber_criminals, and (eventually) $every_script_kiddie_and_their_dog will have the necessary knowledge and resources too. Perhaps they think Snowden was a one-off or something?

Why this "war on passwords"?

Yes, I know. It's easy to choose a weak password. And then you write it with a sharpie on your smartphone's back and things.

But there is one enormous advantage to a password: it's in *my* head. When I pass away, then it is gone too -- unless I've left a copy to someone I trust. This is a feature I won't give up on.

So: use a password generator (that's the only way to really put a controlled amount of entropy on that). Fucking memorize it (the first times it seems impossible, but my most important three to four passwords, like HD LUKS password, backup encryption are pwgen -n 16 -- no problem memorizing that after a modicum of training).

Don't trust schemes like this that *make people dumber*. Rather make people smarter.