Analysis of Passport Flaws 174
An anonymous reader sent us an excellent (and technical) paper describing problems with Passport its not lame anti ms rhetoric, its actually a well written technical assesment of security problems with the unified login that passport aims to achieve. This is a good read.
Missing the forest for the trees ... (Score:2, Insightful)
The article does a good job of articulating specific issues with the Microsoft's Passport system. Other people have suggested that we should perhaps look to XNS [xns.org] or other open source single signon systems. However, I believe they are missing an important piece.
Yes, that's right. What good is a strong single signon system that auto authenticates distributed sites, when the single signon itself may be weak? How much will 3DES encryption protect you when your password is "Swordfish"? You may recall the slashdot article [slashdot.org] that discussed how the average person tends to do a poor job of picking a secure password.
Fundamentally, Microsoft's passport or any other single signon system is as weak as their weakest link. Which, in many, cases appears to be the original signon authentication. I don't see them really catching on until that problem is better addressed.
These systems will have a much better chance when biometric authenticators become ubiquitous. Then hackers will have a much harder time impersonating you at the single signon.
However, no single signon system is perfect and the world is going to get a whole lot nastier when biometrics arrives en masse. Someday, we'll wax nostalgic about happier times when hackers only attacked computers and didn't pull out your eyeball to break into your bank account. I just saw Demolition Man recently in which Wesley Snipes does a very nice job of faking out a retina scanner with this method - truly gruesome.
Bah, none of these single signon systems for me. I'll just stick with my secure method of appending the site url to "password". Even if someone compromises one password, they won't know the rest!
This entire discussion violates the DMCA (Score:5, Insightful)
Now you can't discuss the weaknesses you find in an open forum so they can be addressed. You can only discuss it illegally through encrypted e-mail with others who will exploit them.
The DMCA was NOT an improvement.
Re: Do we really *need* Passport? (Score:3, Insightful)
The inherant problem with this technology, however, is that in order to have a secure, single sign on, somewhere there has to be a database, accessable to the internet in some fashion, which has the username, password, and private information of whoever wishes to use it. There's just no way to get around that. And no matter what platform this system is running, there will be never ending attempts to bring it down or r00t it.
Plus, i don't like the idea of my private information being the property of a corporation.
~z
We need an alternative (Score:5, Insightful)
I found this [madasafish.com], which discusses a way of doing a Passport-like identification over Jabber, dubbed "Jident". Maybe this, or something like it, could be implemented as a proper open-source/distributed counter to Passport.
Jabber is definitely what the world should be using instead of this new "Windows Messenger". Perhaps an alternative to Passport could be added/layered to it as well? Definitely check out that Jident page, especially the bottom where it lays out the pros and cons (and a neat scenario).
Maybe something like this will be discussed at JabberCon [jabbercon.com].
-Justin
Re:Windows users (Score:2, Insightful)
The example of msn/communites was just from personal experience. I am unable to communicate with many of my friends over the net cause I refuse to sign up to passport - sure its my choice, but in my oppinion they are abusing their monopoly with this.
It will become worse when many other merchants are using passport.
The Power of Passport... (Score:5, Insightful)
Then, assuming that other companies do begin to use Passport at a significant level (despite no one using it after months of its deployment), there then becomes the question "What happens when Microsoft denies companies access to passport authentication?" For example, what happens if a Hotmail competitor wishes to use Passport authentication for its web mail login? Clearly, Microsoft would be helping their competitor if they allowed it, and acting monopolistically if they don't. That does provide a small problem for Microsoft.
Third is something that the article points out very early on about the very reason people need something like passport. To paraphrase, the article states that people dislike the idea of their online grocery store having access to their online stock trading when they use the same password. This problem doesn't go away with Passport, it is just enhanced. Now, instead of your grocery store having access to your stocks, Microsoft has access to both your grocery store and your stocks, without doing anything but being a middle man authenticator.
But what am I saying? Microsoft is the good guy, who would never abuse its power. That's why its okay for Microsoft to use its powers to "innovate," just like its okay for the US to develop defensive systems that give it the power to launch nuclear weapons without fear of retaliation.
Re: Do we really *need* Passport? (Score:2, Insightful)
Holy fsck is that ever ignorant!
Why are open-sourced foo always better than closed-sourced or company-owned foo? And why do most
As it stands now, Passport exists, appears to be scalable, and works most of the time, which is a lot more than I can say for XNS. And yes, Passport has problems right now and will have problems in the future, as will XNS. It's a part of the development process which can't be avoided but at least Passport is out there now, being used, attacked, and debugged, before it or anything else becomes somewhat of a universal standard when real $$ is at stake.
And given the choice of who to fix an emergent security concern in their respective systems, would you trust the well-intentioned staff of XNS, who are either very knowledgable but potentially few and far between (cf recent slashdot and K5 outages), or somewhat knowledgable and found in abundance; or Passport, staffed 24x7 by an army of people who at least know what they are doing and are eventually liable to shareholders and business partners who have multi$billions to throw around (or not)?
XNS and anything else that comes along will necessarily have to learn from the mistakes made by Passport now, and I don't think that's a Bad Thing. As it stands right now, the afore-mentioned army of developers _who evolved the current system over 5+ years and must listen and respond to customer and partner concerns or lose business measured by six or seven zeros on a daily basis_ aren't getting it entirely right, so why would I think that an emergent cadre of excellent but not-entirely-devoted developers with comparatively zero funding can _build and maintain_ what amounts to a public infrastructure (something which doesn't lend itself well to being maintained by an entity, staffed by few enough people that they can all be killed in one incident, and without real-world liability for failure) to serve billions of people world-wide? I don't.
</rant>
Re:Why not local machine database? (Score:1, Insightful)
Perhaps a better approach would be to create smart card tehcnology that holds this information. The biggest security risk here is losing your smart card, probably about as damaging as losing your credit card, perhaps more so, but it's realistically the only alternative. Syncing is not alternative becaus eit limits where your data can be accessed from.
Keep in mind that many of the systems Passport and Hailstorm, because the two are intrinsically intertwined, do not exist. Passport and Hailstorm could conceivably eveolve into smart card technology or PDA bsed systems that use IR or Bluetooth to communicate with each other. These two technoogies represents innovation and the future of computing systems. Let them flourish and see where they take us. Don't rip them out with the weeds because you don;t understand them.
Re:Hailstorm. (Score:3, Insightful)
Now maybe a small minded stupid fuck thinks that this is rich envy but that's because the idiot apparently thinks that all rich people commit crimes. Or maybe the moron is incapable of understanding that the legal system has already determined that these people acted in a criminal manner. Perhaps the dimwit thinks it's wrong to punish criminals who are rich because "they commit less crimes then any random 10,000 people" but I hope to god stupid shitheads like that never get in power. We in this country already let the Rich get away with murder.