At 3:35 PM -0600 12/7/2000, Rick Smith at Secure Computing wrote:
>At 02:43 PM 12/7/00, Peter Fairbrother wrote:
>
>>In WW2 SOE and OSS used original poems which were often pornographic. See
>>"Between Silk and Cyanide" by Leo Marks for a harrowing account.
>
>Yes, a terrific book. However, the book also contains an important 
>lesson regarding human memory.
>
>Marks was responsible for training agents in crypto procedures to 
>use while operating behind enemy lines, and he was also responsible 
>for decrypting the messages they sent back. Marks found himself 
>organizing a cryptanalysis team (independent of Bletchley) primarily 
>for the purpose of cracking mis-encrypted messages received from 
>their own agents. In short, the agents mis-remembered their poems 
>and used their faulty recollection as the basis for their encryption.

The book is excellent. I wrote a review of it from a crypto 
perspective. It's online at 
http://world.std.com/~reinhold/silkandcyanide.html. In this context it 
is worth noting that Marks gave up on memorized keys altogether, 
preferring one-use keys printed on silk and hidden in the agents' 
clothing.

>Now, just how do we intend to address such concerns in our 
>memory-based authentication systems? Our whole technology for using 
>memorized secrets is built on the belief that people will remember 
>and recite these secrets perfectly. Some applications could take 
>more of a 'biometric pattern matching' strategy that measures the 
>distance between the actual passphrase and a stored pattern. But 
>this won't provide us with a secret we can use in crypto 
>applications like PGP.
>

One simple thing we can do is to stop telling people that they must never 
write their passphrase down. For most users memorization greatly 
increases the risk of losing valuable data while doing little to 
protect against real risks.  A written-down key can be kept in the 
user's possession or in a safe deposit box, and, unlike a hardware 
token, it can be backed up.  Does anyone have data on how often the 
average person loses their wallet or purse and has to replace their 
credit cards? From my friends' experiences I'd guess it averages at 
least once every 10 years, with some people seeming to lose theirs 
every couple of years. Lose a token and your (unescrowed) data is 
gone.

Another thing that would make passphrase use easier for most people 
would be to make passphrases case insensitive. Weird capitalization 
may have been a marginally useful way to add entropy when users were 
restricted to 8 character passwords, e.g. Unix Crypt(3), but it 
really makes no sense in longer passphrase systems if you think about 
entropy per keystroke, which I think is the right measure of user 
cost.

Finally, I'd like to see software that employs passphrases offer to 
suggest a passphrase, rather than let the poor user sort through all 
the conflicting -- and often bad -- advice that is out there. After 
all, any public key system has to have a good source of true 
randomness.  And if you don't trust that software, you shouldn't be 
giving it your passphrase under any circumstances.

Arnold Reinhold
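
The message's last two suggestions (case-insensitive passphrases judged by entropy per keystroke, and software that suggests the passphrase itself) sketched in Python as an added example that is not part of the original message. The word list is a constructed sample, the function names are hypothetical, and counting Shift as one extra keystroke is an assumption.

```python
import hashlib
import math
import secrets

# Constructed sample list (16 words = 4 bits per word); a real tool needs a far larger list.
WORDS = ("silk", "poem", "agent", "wallet", "token", "purse", "paper", "safe",
         "box", "key", "radio", "train", "cloth", "print", "card", "book")

def suggest(n_words, words=WORDS):
    """Suggest a passphrase: n_words drawn uniformly with the OS CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

def words_needed(target_bits, list_size):
    """Words required to reach target_bits when each word is a uniform pick."""
    return math.ceil(target_bits / math.log2(list_size))

def normalize(passphrase):
    """Case-insensitive canonical form: lowercase, single spaces, no padding."""
    return " ".join(passphrase.lower().split())

def derive_key(passphrase, salt, iterations=200_000):
    """Normalize first, so a capitalization slip still yields the same key."""
    return hashlib.pbkdf2_hmac("sha256", normalize(passphrase).encode(), salt, iterations)

def bits_per_keystroke(alphabet_size, shifted_fraction=0.0):
    """Entropy per keystroke for uniformly random characters.
    Assumption: a shifted character costs two keystrokes (Shift + key)."""
    return math.log2(alphabet_size) / (1.0 + shifted_fraction)

if __name__ == "__main__":
    phrase = suggest(words_needed(32, len(WORDS)))
    print("suggested:", phrase)
    salt = secrets.token_bytes(16)
    print("same key despite case:", derive_key(phrase, salt) == derive_key(phrase.upper(), salt))
    print("a-z only      : %.2f bits/keystroke" % bits_per_keystroke(26))
    print("a-z plus A-Z  : %.2f bits/keystroke" % bits_per_keystroke(52, 0.5))
```

Under the Shift assumption, random mixed-case letters carry more entropy per character but less per keystroke than lowercase alone.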
