Re: Conspicuously absent: social engineering and cross-domain problems

Amir Herzberg wrote:
 > we can easily turn one password into many
 > site-specific keys. Plus, we can try to force users to
 > use different passwords (which, of course, is not as
 > good, but easier to do - see problems below).
 >
 > There are `only` two problems: 1. This requires the
 > password manager to set or change the user's password.
 > This _can_ be done, but since no standard exists for
 > this, this is problematic. A standard may help. 2.
 > What happens when the user moves to a new machine,
 > etc.?

User has a master password, which he gives to the program
that manages all his logins and site-specific passwords.

Login program uses master password, plus a large random
number locally stored on the computer, to generate
account specific passwords for each account.

Oops, we are on a new computer?  Random number is not
there?  Then do an SRP login to the server of the
company issuing the login program, and get a copy of the
large random number.  This means that the company
issuing the login program can launch a dictionary attack
on your master password, as can anyone who has access to
one of your logins and access to a computer on which you
used the login program, but no one else can launch a
dictionary attack.


     --digsig
          James A. Donald
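An added illustration of the derivation James describes (example code written here, not from the post or any product): the master password is stretched with the locally stored random number as salt, then split into per-account passwords, so a guess at the master password can only be checked against a captured account password by someone who also holds that random number. The SRP retrieval of the random number on a new machine is not modelled; the KDF, iteration count, password alphabet and sample values are assumptions.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed output alphabet
ITERATIONS = 100_000                             # assumed work factor


def derive_account_key(master_password: str, local_secret: bytes, account: str) -> bytes:
    """Stretch the master password with the local random number as salt,
    then derive one independent key per account name."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), local_secret, ITERATIONS
    )
    return hmac.new(stretched, account.encode("utf-8"), hashlib.sha256).digest()


def account_password(master_password: str, local_secret: bytes,
                     account: str, length: int = 16) -> str:
    """Map the per-account key to a printable password of the requested length.
    The modulo mapping has a small bias; acceptable for illustration."""
    key = derive_account_key(master_password, local_secret, account)
    return "".join(ALPHABET[b % len(ALPHABET)] for b in key[:length])


def master_guess_verifies(guess: str, local_secret: bytes,
                          account: str, observed_password: str) -> bool:
    """Can a captured account password confirm a guess at the master password?
    Only when the verifier also holds the correct local random number."""
    candidate = account_password(guess, local_secret, account)
    return hmac.compare_digest(candidate, observed_password)


if __name__ == "__main__":
    # Constructed sample: a fresh local random number and two accounts.
    local_secret = secrets.token_bytes(32)
    master = "correct horse battery"
    for site in ("bank.example", "mail.example"):
        print(site, account_password(master, local_secret, site))
    # Same guess, wrong local secret: the captured password tells you nothing.
    pw = account_password(master, local_secret, "bank.example")
    print(master_guess_verifies(master, local_secret, "bank.example", pw))   # True
    print(master_guess_verifies(master, bytes(32), "bank.example", pw))      # False
```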

Received on Tuesday, 13 June 2006 15:04:27 UTC