project idea: portable password safe
paul at boddie.org.uk
Sat Sep 7 20:35:59 EDT 2013
On Sunday 8. September 2013 00.00.49 Werner Almesberger wrote:
> Paul Boddie wrote:
> > How does the idea relate to things like PGP key storage on smartcards?
> > For example:
> I don't know much about card-based solutions. E.g., how many formats
> are out there, how many voltages, are those designs global or do you
> need one for each continent or even country, etc.
I don't really know much about them, either. That's why I was asking. ;-)
> The basic concept is to keep the "trusted" computer in the card and
> to add a "trusted" user interface (i.e., no keylogger, display
> shows what the trusted computer sends) and an equally trusted
> trusted-UI-to-trusted-computer interface.
> That way, you get two-factor authentication: you need to HAVE the
> card and you need to KNOW the code you type in on the keyboard.
> If your code gets compromised (e.g., someone added a key logger to
> your card reader), you still have the card acting as a "key", but it
> could then be used to authenticate automated fraudulent
> If the card merely stores a key but doesn't need to be trusted (or
> if the issuer of the card decides to trust you to set up a trusted
> environment), then you could move all this into the password safe.
I guess I should read up about these smartcard plus reader solutions. My only
experience involved an online banking system where one inserted a card,
entered a PIN when prompted, entered a challenge shown on a Web page, and then
read off the response from the reader for typing into the form on the Web
If I had to guess what went on there, I'd imagine that the PIN somehow
persuades the smartcard to make some kind of key available for work, and then
the key is used to transform the challenge text into a response text, with the
processing being done on the card. I should probably do some reading to check
how accurate this guess actually is. ;-)
> Note that such trusted environments may have requirements the safe
> may not meet, e.g., hardening against key snooping by monitoring
> power consumption, processing time, and by varying the chip's
> operating environment.
> > Although lots of services still work in terms of passwords, I can foresee
> > people starting to use PGP a lot more,
> If it's just PGP, you can encrypt the secret key and store it in
> the safe, just like any other password. Then add some protocol to
> do the processing you want to be done with it. Such a solution can
> exist in parallel to any cards.
> > However, these systems appear to give the control
> > over actually making signatures to the organisations running those
> > systems,
> I very much hope the Snowden reports will be the final nail in the
> coffin of CA-centric signatures and authentication.
Well, I was actually talking about systems where, after messing around with
secret codes (maybe generated by one of those RSA code generator devices) or
good old-fashioned ones distributed on paper, you authenticate yourself to an
online service, but the action of signing something is apparently done on your
behalf. Certainly, a public agency or online bank might ask you to input
another secret code because you want to pay a bill or send some form or other,
but the actual signing operation is performed on a server somewhere using a
key you never get direct access to. In other words, they might as well be
updating a row in a database, setting "has_signed" to true or whatever,
especially given the lack of accounting I've occasionally experienced with
certain financial institutions.
So this isn't even a situation where you have something that someone
"official" signs to certify it, so that other people can trust your own
signatures. Instead, it's a situation where an "official" body signs
everything on your behalf, ostensibly because you logged in to their service
at some point and said you wanted to do something. At this point, CA-centric
signatures are just a fond memory.
> > One supposed concern that government agencies (the normal ones, not the
> > ones doing all the spying) have is that individuals might not be able to
> > look after their keys, and that services in proper datacentres are
> > needed to do that for them,
> Naw, a smarcard would be sufficient for hiding the key. You don't
> need massive processing power either. E.g., if you want to do
> something on a TB of data, you wouldn't run that TB through the
> card's poor little electronic brain, but you'd generate a random
> key and ecrypt that with the card (for encryption), or do the same
> with a secure hash (for signing).
> The authorities also don't have to have faith your judgement when
> adding people to your Web of Trust. They can simply sign your key
> and only consider their signatures when checking your credentials.
> That's pretty much the same as in a CA-based scheme.
Yes, the trust network will have the authorities at the centre.
But anyway, I'm just gathering information to refute claims that the "common
man" couldn't possibly be trusted to look after his own keys. If people can
rely on distributed, personal solutions that prevent the theft and use of
their private keys, a solid case can be made against centralised systems that
perform cryptographic operations on their behalf.
Sorry to interrupt the thread, though! Perhaps I should look around for
similar gadgets to the one you propose. Alongside those crossword solver
products, newspaper readers may already be buying such things in their
More information about the discussion