Skip to main content

password-equivalence

(0 comments)

There's a nice discussion about password systems over at Educated Guess work. Since WiKID is a type of public key-based authentication system, I'm always interested when someone points out their superiority ;).

V=S and the server stores S.
Anyone who compromises the server once can simply steal S and can then impersonate me to the server any time that they want. These systems are usually called password-equivalent.

A=S.
This is how style UNIX passwords (and a lot of SSH password authentication) works. The system stores a password hash and the user gives the server his password. If the server is compromised and the attacker steals the password file, then he can't directly impersonate the user. However, if he has long-term access to the server he can of course capture the user's password when it comes over the network. In addition, because the system needs to be able to compare V and S the attacker can verify whether a given S is correct by checking it against V. This isn't a problem if S is well-chosen, but if its, for instance, a common word, then it's pretty easy to guess. This is called a Dictionary Attack.

S,A, and V are all different.
This is how public key authentication works. You store the private key (S). The server stores the public key (V)) The server provides some challenge which you sign to create A. The server can verify that you know S but can't use that information to impersonate you to anyone else. (Note for crypto-nerds: the non-password equivalent zero-knowledge password protocols fit roughly into this category as well.)

From a security perspective, public-key type systems are vastly superior. However, their deployment has been spotty at best. The major reason is that it requires changing both the client and the server. In particular, computing A from S is nontrivial and requires software on the client side, which is an obvious deployment hassle. This used to be a big problem with login authentication, but in the wake of the wide deployment of SSH it's starting to go away--though other usage and user education issues still remain.

WiKID eliminates some of these issues by using public key cryptography to transmit PINs and one-time passcodes. Using various protocols such as LDAP and Radius, it is much less likely that you will have to change the server or client. For SSH access, I use WiKID and PAM Radius rather than exchange public keys with the server.

Eric's blog post is really about credit cards and how they are password-equivalent. I look forward to his next post on the topic.

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom