LinkedIn password database compromised

Mark Andrews marka at isc.org
Thu Jun 7 23:00:45 UTC 2012


In message <4FD0AE52.20602 at alter3d.ca>, Peter Kristolaitis writes:
> On 6/7/2012 9:22 AM, James Snow wrote:
> > On Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
> >> Imagine signing up for a site by putting in your email and pasting
> >> your public key.
> > Yes! Yes! Yes!
> >
> > I've been making this exact argument for about a year. It even retains
> > the same "email a link" reset mechanism when someone needs to reset
> > their key.
> >
> > A common counter-argument is, "But ordinary Internet users won't
> > understand SSH keys." They don't need to! The idea is easily explained
> > via a lock-and-key metaphor that people already understand. The UI for
> > walking users through key creation is easily imagined.
> >
> >
> > -Snow
> 
> Oh yeah, I can just imagine that "lock and key" conversation now...
> 
> "Imagine if the website has a lock on it, and you tell them what key you
> want to use by giving them a copy."
> "But if they have a copy of my key, couldn't they use it to open all of
> the other locks I've set up to use it?"
> "(explain public key crypto)"
> "(drool, distraction by the latest Facebook feature)"

No.  The correct metaphor is I have a key and a bunch of locks keyed to that
lock.  I give them a lock to install which only the key I have can open.
 
> The other problem with this approach is that, as bad as trusting remote
> sites to do security properly is, I'm not sure that putting a "one key
> to rule them all" on users' machines is that much better, given the
> average user's penchant for installing malware on their machine because
> "FunnyMonkeyScreensaver.exe" sounded like such a good idea at the
> time...   I suspect we'd see a huge wave of malware whose sole purpose
> is to steal public keys (and you KNOW users won't password-protect their
> private keys!).

Actually it is a big win.  You now have to compromise millions of machines
to get millions of keys rather than a couple of machines to get millions
of passwords.

> Plus, now you have the problem of users not being able to log in
> to their favourite websites when they're using a friend's
> computer, internet cafe, etc, unless they've remembered to bring a copy
> of their private key with them.

That is a real issue.
 
> I think public key auth for websites is a great idea for geeks who
> understand the benefits, limitations and security concerns, but I have
> serious doubts that it would hold up when subjected to the "idiot test".
> 
> - Pete
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
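The scheme argued over above (the site keeps only the lock, the user keeps the key), as an added Go example that is not part of this thread: a challenge-response login in which the server stores nothing but an Ed25519 public key, so a leaked user table holds nothing that can authenticate. The origin binding in the signed message and the one-shot nonce are additions to the thread's sketch; the names (site, newSite, answer) and sample addresses are assumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// The user table holds only each user's public key (the "lock"); no password hash.
type site struct {
	origin     string
	locks      map[string]ed25519.PublicKey
	challenges map[string][]byte // one outstanding nonce per user
}

func newSite(origin string) *site {
	return &site{origin, map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

// Register stores the public key the user pasted at sign-up.
func (s *site) Register(email string, pub ed25519.PublicKey) { s.locks[email] = pub }

// Challenge issues a fresh random nonce for a single login attempt.
func (s *site) Challenge(email string) []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand; production code must treat an error here as fatal
	s.challenges[email] = nonce
	return nonce
}

// loginMessage binds the nonce to this site's origin, so a signature obtained by
// one site cannot be relayed to another site that holds the same public key.
func loginMessage(origin string, nonce []byte) []byte {
	return append([]byte("login:"+origin+"\n"), nonce...)
}

// Login succeeds only for a valid signature by the registered key over the
// outstanding nonce; the nonce is consumed either way, so it cannot be replayed.
func (s *site) Login(email string, sig []byte) bool {
	nonce, pending := s.challenges[email]
	delete(s.challenges, email)
	pub, known := s.locks[email]
	return pending && known && ed25519.Verify(pub, loginMessage(s.origin, nonce), sig)
}

// Client side: the private key never leaves the user's machine; only a signature goes out.
func answer(priv ed25519.PrivateKey, origin string, nonce []byte) []byte {
	return ed25519.Sign(priv, loginMessage(origin, nonce))
}
```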

More information about the NANOG mailing list