repost of comment: 'passwords are bad use asymmetric keys' on Tuesday August 12, @08:07AM (#24566319)
the copy-paste, then the amendment:
The solution to authentication is something like the IronKey (a hardened USB drive for storing passwords) but with asymmetric crypto.
So you would go to Gmail, gmail would send a challenge that goes to the browser. A library on your browser would send the challenge to the USB device. The USB device would respond by signing the challenge asymmetrically, and that signature would route back through the browser to Gmail. Then you have 1 authenticated session until you destroy it. For sake of convenience imagine the implementation as using PGP -- public key, private key. Gmail has the public key, your USB device has the private key.
This is great since you could read your webmail on a friend's computer, or post Slashdot comments without leaving behind a persistent authentication token (barring a fake logout screen). Or there could be a keylogger on your home computer but it wouldn't be able to scrape persistent passwords and pass those on.
The only reason that humans don't use asymmetric security is that we're too stupid. Otherwise if we wanted high security we would be looking at screens of cyphertext and reversing the one-way function (a^b=c) in our heads. Given that we're too dumb, why not do not put our authenticator on a device that goes on a keychain with our other keys? (And you could make a backup just like with your other keys.)
-- amendment --
- no I'm not talking about a simple USB drive. That's why the IronKey is dumb since a rooted PC could mirror it.
- the usb device could have all sorts of fancy stuff like LED screen or PIN, i.e. it's not just a flashdrive as I said, it does public-private key crypto -- you can't read all its private data by plugging it in. the point is to get support for asymmetric authentication and allow the free market to provide the level of extra nuisance consumers want.
- 90% don't want this, which is good, happy for them, I'm part of the 10%. So the legacy symmetric password support wouldn't go away and the 10% who want asymmetric passwords on a hardened low complexity (complexity is the enemy of security -- that's why your PC is as leaky as a sieve) device would have that option.
- i like bullet points
- proof-of-concept on a smartphone might be helpful.