Password Security

[TripleB]

I started writing this up as a response to another forum in a thread about 1Password. I realized halfway through the post that I started getting off on a tangent that is completely unrelated to 1Password, but would be completely appropriate for my blog and this forum:

I started off using the same password for everything about 10 years ago.

Then once I realized a breach at one site could compromise all of my accounts, I started making slight changes to each password. For example, suppose my "generic" password was "Password" On PP Forum, I might use the password of "PPPassword" so that if it was compromised, it wouldn't also work against "BankofAmericaPassword" but it was simple enough for me to remember to keep them straight in my head.

The concern with that last method is that if someone looked at "PPPassword" and happened to also breach Bank of America in a separate instance and see "BankofAmericaPassword" that hacker could deduce my scheme and exploit it. I realized this was a small concern because a hacker is going to take out the 99% of people that reuse the same password and not try to manually parse my password scheme.

However, once I got 1Password, I decided it was easy enough to have completely random garbage passwords for all websites so while the benefit is marginal compared to a site-specific password schema, the cost is nothing. In fact, the cost is "negative" because using 1Password makes it easier.

I spent a couple hours one day changing all my passwords to pseudo-random generated strings and came to a harsh realization. A lot of sites, especially banking sites, have shitty security. By default I tried to use a 40-ish character random string as a password, because there's no additional "cost" for me to make one that long. Many sites capped out at 12 characters. That's embarrassing. A few didn't even tell me what the restrictions were and I had to continually try shorter and shorter random passwords until one was accepted.

Then I realized, I re-used a lot of the same security questions. I have a "schema" for security questions and always use the same false mother's maiden name and false "first pet name" and false "first high school mascot" so that a hacker can't compromise my account by looking at facebook or other public data and figuring it out.

So that's the real risk I have now. Each site has a unique garbage random password, but the same set of security questions to reset the password. A breach on one site will acquire the security question answers and my email address, which is enough to reset the password at other sites.

I've considered going in and also coming up with random garbage strings for the security questions for each site. In theory, if they are stored in 1Password, then I don't have a need to remember them. This fails for 2 reasons:

1) What if the security questions are stored in plain text in my account, and the account reps have access to them and use it for a phone authentication. This has happened in the past to my embarrassment when I used a joke porn name movie as my "favorite movie" and the female CSR had to authenticate me by verbally answering it. It would suck to tell the CSR that my mother's maiden name is "909u*7fdg%df" and to have to explain why I did that, because he would ask and now I'm the talk of the water coolers at CSR central, where other curious CSRs decide to figure out why I'm so paranoid and snoop around my account.

2) What if 1Password died and I legitimately needed to reset my password? If 1Password is storing fake random garbage security answers, then I lose my ability to reset the password, short of photocopying my drivers license, getting it notarized and mailing in a request.

I believe I can solve both problems with the security question by

a) Using real, but unique answers for each site. i.e. PP Forum may have "Smith" as my mother's maiden name while Bank of America may have "Rodriguez" as mother's maiden name. I choose names that are "fake" but could be real sounding, so that if I have to say them to a CSR, they could be real, but no one could ever guess them on brute force. i.e. mother's maiden name = "Zorkendorf."

b) I physically write these on paper, and store them in a safe deposit box in addition to 1Password. If I wanted to be paranoid, I'd physically write them in code, using a 1-time pad method of encryption, with a separate pad for each name, because since these will be names, with a large enough list the encryption could be cracked. Then I'd have the keys for the 30+ 1-time-pads stored with an attorney in Switzerland that could have his hot secretary type them into a PGP encrypted email if I needed them but anyone who seized my safe deposit box would be unable to crack my online accounts. This is completely a joke, because 99% of people wouldn't need that level of paranoia, but it is a possibility for some.

Another issue I have with 1Password is that it stores your passwords locally in an encrypted file. That's the "best" option, much better than storing it on a server somewhere that may become compromised. But, there's still a risk the file could get stolen off your computer, perhaps if you lost your laptop.

The password file is encrypted, locked by your 1Password password. However, if someone steals the file, they can brute force it eventually.

I believe a reasonable approach would be to follow all of the above, and then reset all your passwords and security questions on a quarterly or biannual basis.

It's possible someone stole your password file without your knowledge through a trojan, and has started brute forcing it already.

It's also possible someone compromised an account of yours on a single site, through no fault of your own, and the server/company didn't know about the breach. The hacker cannot use that password elsewhere, but they still have current access to your account, and may be waiting to exploit it.

By doing all of the above, and changing all your passwords quarterly, that reduces those last few risks. In theory, changing the password daily or hourly would be the best protection but that's ridiculous. I believe a fair balance is every 4 months, and it encourges you to update any contact info on your online accounts and ensure there's no fraud or anything else fishy going on in there.

You may also realize, much like I did, that your life is too connected to large companies/organizations, and you can simplify your life by reducing the number of places you do business with.

My goal is to maximize utility at the lowest cost to myself. The less transactional overhead with the greatest security, the better and in the above post (outside of the 1-time-pad Swiss lawyer joke) seems to be the efficient plane for me.

On a side note, one of my "Accounts" was breached this week on the server side and hackers got 50k+ logins/passwords. I have nothing to worry about (except maybe security question overlap) because that was a unique password to that account only, and literally included 30 characters of mixed letters, numbers, and symbols that are not reused on any other site.

[Ad Orientem]

I have four passwords.  One that is a generic one that I use for a lot of low level unimportant websites and accounts.  Another one I use for slightly more important but not really critical things.  The third I use for important stuff.  It is random characters and numbers, some capitalized and some not.  And the last one is configured the same way but is used exclusively for online banking.  I change the last two passwords ever few months.

[Gumby]

1Password has the ability to store your password folder on Dropbox. This automatically syncs your passwords locally and re-encrypted on Amazon's cloud servers (everything in your Dropbox is already encrypted anyway). This is easy to setup and it can be set up to sync to a secure 1Password file on your phone. You can even log into Dropbox from any computer and decrypt your passwords using a web browser interface that's embedded into the synched 1Password folder. So, that solves the local copy issue you described.

One of the best features of 1Password is that it can actually store and enter the crazy TreasuryDirect password.

[TripleB]

I don't trust storing the 1password file on DropBox. They already got compromised once publicly, and an unknown amount of times privately. DropBox is a big target now that it's popular.

If my 1Password file gets taken, then it's a matter of brute force to open it, because the hacker will have unlimited access to trying a password table against it.

I prefer to keep my 1Password file locally.

[dualstow]

Love the fake porn title anecdote.
I have been using false security answers for a long time now and had a good laugh when i heard how Sarah Palin's yahoo mail was breached.

Until i read your post (OP), i had not thought about how brokerage agents might have easy access to those answers. (i should have. My credit card  was one of millions compromised when a third party threw unshredded pages of numbers in a dumpster). I suppose you can only do so much.

[Gumby]

I don't trust storing the 1password file on DropBox. They already got compromised once publicly, and an unknown amount of times privately. DropBox is a big target now that it's popular.

If my 1Password file gets taken, then it's a matter of brute force to open it, because the hacker will have unlimited access to trying a password table against it.

I prefer to keep my 1Password file locally.

According to 1Password:

"All of your confidential information is encrypted using AES, the same state-of-the-art encryption algorithm used as the national standard in the United States. (Fun fact: AES stands for Advanced Encryption Standard.) 1Password uses 128-bit keys for encryption, which means it would take millions of years for a criminal to decrypt your data using a “brute force”? attack."

http://help.agilebits.com/1Password_Windows/
http://help.agile.ws/1Password3/agile_k ... esign.html

Using a strong Master Password for your 1Password's agile keychain would make it pretty much impossible to crack — even if Dropbox were compromised.

1Password documentation also says:

One of these protocols that is worth mentioning at this point is the use of the key strengthening function PBKDF2. This protects your data against password guessing (password cracking) programs in a number of ways. Before we can explain how that works, you need to know a bit more of what 1Password does when it decrypts your data. Your data is not directly encrypted with your master password. Instead it is encrypted with a random 128-bit number that was picked when 1Password first created your Agile keychain. That 128-bit number is your true decryption key. This key, in turn, is encrypted using your master password.

The computation (AES-128) to get from your decryption key to your data is designed to be quick; but the computation (PBKDF2) to get from your master password to your actual decryption key is designed to be slow. This means that when you enter in your master password you have to wait a fraction of a second. That fraction of a second, however, makes it enormously harder for automated guessing programs. Without PBKDF2 well designed automatic password guessing programs can try millions of passwords per second, but with this key strengthening this is reduced to a few hundred per second. Another consequence of this system is that even if two people use the same master password, they will have different encryption keys and so their data will be encrypted differently.
Source: http://help.agilebits.com/1Password3/cl ... urity.html

For technical details on cloud storage security, see here:

http://help.agilebits.com/1Password3/cl ... urity.html

[TripleB]

Gumby:

I'm willing to bet that someone with $10k worth of high end graphics cards can crack 128 bit encryption in under a week.

[Gumby]

Gumby:

I'm willing to bet that someone with $10k worth of high end graphics cards can crack 128 bit encryption in under a week.

Fortunately, that's not even remotely true. You would definitely lose that bet. Plus, we're not just talking about 128 bit encryption — which is very secure. We're talking about AES-128 with key strengthening function PBKDF2.

Even without PBKDF2, it would be nearly impossible to crack AES-128:

Recovering a key is no five minute job and despite [this latest crack] being four times easier than other methods the number of steps required to crack AES-128 is an 8 followed by 37 zeroes.

"To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key," the Leuven University researcher added. "Because of these huge complexities, the attack has no practical implications on the security of user data." Andrey Bogdanov told The INQUIRER that a "practical" AES crack is still far off but added that the work uncovered more about the standard than was known before.

"Indeed, we are even not close to a practical break of AES at the moment. However, our results do shed some light into the internal structure of AES and indicate where some limits of the AES design are," he said.
Source: The Inquirer (http://s.tt/14cdl)

See: http://www.theinquirer.net/inquirer/new ... on-cracked

Adding PBKDF2 as an additional layer, on top of AES-128, makes your 1Password file virtually impossible to crack with known cracking methods.

There is no reason to believe that 1Password files are at risk of being compromised by a crack for at least a few decades. The encryption is very secure. You should do some research on AES-128 and PBKDF2 before you start spreading false rumors.

[craigr]

It is rare for a known modern cipher system to be broken outright. Brute force is always a threat though. However it is common for the developers to incorrectly implement the algorithm and cause weaknesses that are exploitable. Or for a back door to be present that is not revealed to users.

I was reviewing encryption example code from a major company that many developers simply did a cut and paste on for their product. Well the original developers seeded the cipher initialization vector with all 0's before mixing it with the key. They should have used a random number but didn't probably because they assumed others would know better. Or maybe they didn't realize the error in doing this. Who knows?  I suspect this weakness would make breaking programs that used that code much easier. Sadly, a lot of developers clearly used the code as is not knowing and now I believe this weakness is present in a lot of programs.

http://cwe.mitre.org/data/definitions/329.html

Frankly, I think just writing down your passwords and carrying them in your wallet is safest. Just don't put next to them what website it is for. Use a symbol or code or something. You will know if your wallet is missing, but you won't know if a password file has been stolen off your machine. Sometimes old school still works best.

EDIT: Well it looks like someone discovered the same thing I did:

http://www.remote-exploit.org/archives/ ... index.html

Yes, the vendor in question is Apple. And yes a lot of people are using broken crypto code in their apps if they just cut and pasted it(as most would). Apple is using all zeros in their initialization vectors by default and it makes the cipher much weaker.

Just saying that brute force is not the main way ciphers fall. It usually is developer or user error that does it.

[MachineGhost]

I'm willing to bet that someone with $10k worth of high end graphics cards can crack 128 bit encryption in under a week.

Always use at least a 43 character random password with upper and lower case letters and numbers to defeat quantum computing.

MG

[BearBones]

I don't trust storing the 1password file on DropBox. They already got compromised once publicly, and an unknown amount of times privately. DropBox is a big target now that it's popular.

If my 1Password file gets taken, then it's a matter of brute force to open it, because the hacker will have unlimited access to trying a password table against it.

I prefer to keep my 1Password file locally.

Wow, you are right! Just found out that Dropbox was compromised last year:
http://techcrunch.com/2011/06/24/dropbo ... loited-it/