undefined | Better HN

0 pointsxoa1y ago0 comments

>All my passwords are randomly generate and stored in a password manager so I really haven’t felt the need to switch or felt constrained by my existing set up.

The basic logic here is pretty clear imo. Passwords are still symmetric factors, and they're also completely unstandardized. So you still have to do a significant amount of manual management crap that should not exist, deal with UI that should not exist, and you still have to do some stuff if the other side (service provider) gets hacked. If we used bog standard pub/priv keys instead, then everything could become universally better. There'd be no need to worry about password policies, whether there is a character limit or not, how well and consistently individuals handle it, or anything like that ever again. Nor care if a site is breached, literally no action required because the site would only have the public key, they could publish it in clear text and it still wouldn't help attackers authenticate a single iota. Plus things like phishing and so on go away, because same thing, if the user has their agent browser to a malicious link or the like, and then it presents their pubkey, it still wouldn't do anything and the agent can't be fooled by similar looking to humans domains or anything. The agent would expect the service to present the proper signed request and anything else wouldn't work. Conceptually everything could be automated and standard without any sort of silo, all software could speak the same standard simple key format and everyone could back that up and sync it any way they wanted.

Unfortunately as is so often the case these days there's a lot of perverse incentives and players who can't resist the urge to try to add extra functionality in on top rather then just going for the low hanging fruit in a solid way first. So we've seen a confusing muddle, of existing players with financial interests who make money by helping lower the pain of the garbage that is password based mutal auth, those who see new chances to try to silo, those who want to shove in attestation and differences in password backing for good and bad reasons, mixing in concepts of hardware backing that are unnecessary, etc. I'm still hopeful something will come out of it in the end but it's been a real bummer to see how it's played out.

0 comments

Twisell1y ago

Yes but what I'm still confused about is that: 1) Is one/some of your public key reused on different services 2) Or is there a different public key for each service

1) In the first case what will prevent different services to track users by comparing public key... and if so I would be more at ease with a site specific randomly generated password

2) In the second case when one service is breached you'd still have to manage rotation of public key somehow, how trivially is that done with current implementation ?

gruez1y ago

>2) In the second case when one service is breached you'd still have to manage rotation of public key somehow

Why would you need to rotate your keys? If they're storing passwords/hashes it makes sense to rotate because they might be able to brute force the hashes on a GPU cluster, but you're not going to be able to brute force a randomly generated public key.

Twisell1y ago

If I have any fear that the associated private key have leaked. For instance if my off-site encrypted backup is stolen. I sure would want to rotate my private key because my secret would be only as safe as the encryption method at the time the backup was stolen. I'm still not entirely sold on the "quantum will break any current crypto" but better safe than sorry.

1 more reply

ezfe1y ago

Not reused, each service has a different key

To rotate, you go to the key management page of the service and delete/add a new key.

UncleMeat1y ago

The whole point of a public key is that it is not secret. A breach where a service leaks the public keys of its users does not harm your security posture at all.

joshstrange1y ago

Thank you for that description. I do understand at a high level that it’s similar to SSH keys with the pub/private aspect.

I think I really need to implement it myself at least once to really grasp it. Maybe that’s stupid/slow of me but that’s how I learn best.

j / k navigate · click thread line to collapse

0 pointsxoa1y ago0 comments

>All my passwords are randomly generate and stored in a password manager so I really haven’t felt the need to switch or felt constrained by my existing set up.

0 comments

Twisell1y ago

Yes but what I'm still confused about is that: 1) Is one/some of your public key reused on different services 2) Or is there a different public key for each service

1) In the first case what will prevent different services to track users by comparing public key... and if so I would be more at ease with a site specific randomly generated password

2) In the second case when one service is breached you'd still have to manage rotation of public key somehow, how trivially is that done with current implementation ?

gruez1y ago

>2) In the second case when one service is breached you'd still have to manage rotation of public key somehow

Twisell1y ago

1 more reply

ezfe1y ago

Not reused, each service has a different key

To rotate, you go to the key management page of the service and delete/add a new key.

UncleMeat1y ago

The whole point of a public key is that it is not secret. A breach where a service leaks the public keys of its users does not harm your security posture at all.

joshstrange1y ago

Thank you for that description. I do understand at a high level that it’s similar to SSH keys with the pub/private aspect.

I think I really need to implement it myself at least once to really grasp it. Maybe that’s stupid/slow of me but that’s how I learn best.

j / k navigate · click thread line to collapse