Date: Thu, 04 Sep 2014 05:38:49 -0400
From: Bill Cox <>
Subject: Re: [CipherShed Devs] Second factor authentication

I'm cc-ing the Password Hashing list because there has been some
interesting second-factor debate going on there, and I think this
debate is both entertaining and relevant.

On 09/04/2014 12:31 AM, Niklas Lemcke wrote:
> On 4 September 2014 12:28:10 GMT+08:00, Jos Doekbrijder
> <> wrote:
>> How about a Smartphone
>> It is a computing device, but - hopefully - totally disconnected
>> from the device CipherShed computer, as well as that it should
>> receive information using a completely different channel, like
>> its camera or SMS.
>> Use the camera to have an independent app record a challenge
>> which should - with an independent app PWD - result in a
>> pass-code. (the good thing about this: These solutions are out
>> there, we can "just" implement them... <grin> )
>> banks use it all the time...
>> Cheers
>> Jos


> A smartphone is convenient, but far from secure. It would be a new,
> sweet attack vector.

A bank has a very different security model than a bank robber.  The
whole security model changes when you assume that the government is
working to attack you rather than protect you.  A phone for a second
factor is a great idea for a bank, which operates in collaboration
with the government, but a terrible idea for a bank robber.  A stupid
bank robber gets caught simply because he *has* a smartphone when
robbing a bank.

We could support both models.  A fun way to ask the user which
security model he wants would be to ask, "Do you trust your government
to help protect your data?"  Users who trust the government get to use
their phones for second factor, and they get a nice auto-update
feature and alerts if any CipherShed weakness is discovered.  Users
who fear their own government would operate in "silent" mode, where
CipherShed avoids ever causing a network ping.  We might even need to
come up with a way to distribute CipherShed installers that can't
easily be discovered by ISPs or governments.

Jason has said that he wants CipherShed to be used by both governments
and regular users.  The US government needs both modes, because it has
employees who are paid to act like bankers, and employees who are paid
to act like bank robbers.  So, for Jason, I think we need both :-)

Second factor is easier (still not easy) if you trust your ISP,
government, and everyone in the network path from your phone to the
machine trying to authenticate you.  What kind of second-factor can we
provide for bank robbers, spooks, and democracy activists?

I think in this case a bootable USB thumb-drive is *far* better than a
smart-phone.  You can buy one in cash (unlike a cell-phone nowadays),
and only use it with your secret spook air-gapped CipherShed encrypted
machine.  You have to be careful to *never* put that USB thumb-drive
in any other device, but if you do that, you can trust that no one can
ever decrypt your spook data.  Those stolen nuclear missile plans will
be safely encrypted, and unusable without your thumb-drive.

This discussion started with a dumb idea I had for the thumb-drive
boot.  We can wipe the MBR after a full-disk encryption.  However, we
don't have to write 0's.  We could write something more fun :-)

What exactly should we write to the MBR in this case?

My thought was maybe write an MBR copied from some other disk
encryption system, to make the whole system look like it was encrypted
with another product.  Unfortunately, BitLocker has an unencrypted
boot volume, so that's not an option.  Maybe pop up a video of that
guy in Jurassic Park waving his finger at you?

Anyway, I think a USB boot is good for spook mode, and a smartphone is
good for good-citizen mode.  Should we be considering other forms of
second factor?
