Syndicated Linux News: This forum is for the discussion of Syndicated Linux News stories.
How many passwords do you have? Probably more than you can easily remember or comfortably manage on your own. And I'm willing to bet that you dread coming up with new ones when you sign up for something online. Jonathan LeBlanc of PayPal is on a mission to replace the password with something more secure and easier to use.
I don't think there is a "one size fits all" replacement for passwords. No way we could do without them at my place of work, for example, where we use two-factor authentication as it is.
Last edited by 273; 04-08-2015 at 01:01 AM. Reason: Typos.
Passwords are a simple, easy and great authentication mechanism. Those against may keep an electronic passbook or whatever. It is their problem/headache.
Quote:
Passwords are a simple, easy and great authentication mechanism.
Not a great authentication method, in fact very weak. Challenge-response protocols using public key cryptography or symmetric cryptography provide strong authentication.
I'm not sure I understand what "challenge response" is in this context?
Unless you're using a password you're using a data storage device with a public key on it. A key is the only way to lock anything.
Quote:
I'm not sure I understand what "challenge response" is in this context?
Unless you're using a password you're using a data storage device with a public key on it. A key is the only way to lock anything.
A password provides weak unilateral authentication. More complicated protocols provide strong mutual authentication, which helps prevent a number of attacks.
Yeah, there is always a key, often derived from a password and salt. You could also keep the key on a storage device as long as it is secure.
Ah, sorry, I see what you mean. I tend to think of "what I have to remember" as the "password" and while I know there are more secure ways of my supplying it, like my bank asking for certain digits, the "password" is still there and I need to know it.
So, yes, I agree that that kind of mechanism is more secure.
I'm just not sure how that helps the need to remember passwords which, to me, seems to be what everyone finds a problem with.
Pass phrases seem to work pretty well and are easy to remember. You could also keep a USB stick with the key on it with you.
There are also other methods like one time passwords, and biometrics.
Biometrics have their own issues. Fingerprint scanners can often be bypassed using some clever techniques. Other biometrics are harder to fake, but also harder to obtain because you need expensive hardware.
"pass phrase" and "password" are interchangeable -- they're a remembered series of characters.
One-time passwords require some kind of pseudo-random number generator either on the device you're trying to log on with (i.e. an Android app which generates numbers for your bank web site) or a separate token. Both of which mean gaining access to the physical device means gaining access to the protected system -- unless the device is protected by a password...
Or, protected by a biometric which, yes, as long as they're robust enough are at least difficult to forge or steal. They also have the benefit of not requiring a good memory. Certainly where violence isn't likely they seem a pretty good solution and I've even seen a lot of mention of them being "salted" in such a way that it's not possible to work back from the key to recreate the actual biometric data.
"pass phrase" and "password" are interchangeable -- they're a remembered series of characters.
Yeah, but a pass phrase is usually much easier to remember than something that must have a number, special character, upper and lower case characters. If it is long it is also usually stronger.
Quote:
Originally Posted by metaschima
Yeah, but a pass phrase is usually much easier to remember than something that must have a number, special character, upper and lower case characters. If it is long it is also usually stronger.
In that respect, yes, they often are. I think the old rules they employ that a number, capital letter and special character are silly but, then again, I also think not allowing them is silly. After all "Mary bought 2 large, white, donuts." must be moderately strong at least, for example.
Quote:
Pass phrases seem to work pretty well and are easy to remember. You could also keep a USB stick with the key on it with you.
There are also other methods like one time passwords, and biometrics.
Biometrics have their own issues. Fingerprint scanners can often be bypassed using some clever techniques. Other biometrics are harder to fake, but also harder to obtain because you need expensive hardware.
Even all currently publicly accessible biometrics are fakeable.
Keys for symmetric/asymmetric crypto can be derived from passwords. If a password uses all ASCII printable characters, a 20-character password produces 128 bits of security. And the most basic, easy and simple way would be passwords only, as they use simple, basic and available keyboards, and keep the security in the mind of the user, not in some hardware key which can be stolen.
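As an added example (not code from any poster in this thread) covering the two technical points raised so far, a key derived from a password and salt with the 20-printable-character entropy figure, and the mutual challenge-response protocol mentioned earlier: PBKDF2-HMAC-SHA256, HMAC-SHA256 and the fixed salt are my assumed choices, and the entropy figure assumes a uniformly random password, which a memorable passphrase is not.

```python
import hashlib
import hmac
import math
import os

PRINTABLE_ASCII = 95  # printable ASCII: 0x20 (space) .. 0x7E (~)


def password_entropy_bits(length, alphabet_size=PRINTABLE_ASCII):
    """Entropy of a password of `length` characters drawn uniformly from
    `alphabet_size` symbols; an upper bound for human-chosen passwords."""
    return length * math.log2(alphabet_size)


def derive_key(password, salt, iterations=100_000):
    """Stretch password + salt into a 128-bit key. PBKDF2-HMAC-SHA256 is an
    assumed choice; the thread only says 'derived from a password and salt'."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=16)


def respond(key, challenge, direction):
    """Answer a challenge with HMAC over (direction || nonce). The direction
    tag keeps a client response from being reflected back as a server one."""
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()


def mutual_auth(client_key, server_key):
    """Simulate one mutual challenge-response run between two parties that
    should both hold the same derived key.
    Returns (server_accepts_client, client_accepts_server)."""
    server_nonce = os.urandom(16)  # fresh per run, so a captured response is useless later
    client_nonce = os.urandom(16)
    # Client proves it holds the key; the server checks against its own copy.
    client_proof = respond(client_key, server_nonce, b"C2S")
    server_accepts = hmac.compare_digest(
        client_proof, respond(server_key, server_nonce, b"C2S"))
    # Server proves the same to the client (the "mutual" half).
    server_proof = respond(server_key, client_nonce, b"S2C")
    client_accepts = hmac.compare_digest(
        server_proof, respond(client_key, client_nonce, b"S2C"))
    return server_accepts, client_accepts


if __name__ == "__main__":
    salt = b"constructed-example-salt"  # constructed; a real salt is random per user
    key = derive_key("Mary bought 2 large, white, donuts.", salt)
    print(f"20 printable-ASCII chars ~ {password_entropy_bits(20):.1f} bits")
    print("same password on both sides:", mutual_auth(key, key))
    print("wrong password on client:", mutual_auth(derive_key("guess", salt), key))
```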
Quote:
Even all currently publicly accessible biometrics are fakeable.
Keys for symmetric/asymmetric crypto can be derived from passwords. If a password uses all ASCII printable characters, a 20-character password produces 128 bits of security. And the most basic, easy and simple way would be passwords only, as they use simple, basic and available keyboards, and keep the security in the mind of the user, not in some hardware key which can be stolen.
There was an article from Germany I believe, where in order to steal a biometrically secured car, a thief cut off the owner's finger.
There is also the possibility that if someone wants the password, they'll beat it out of you.
Instead, having your key stolen isn't such a big deal, especially since you can revoke the key in a good cryptosystem (much like a stolen credit card).
Keys are too easily lost, stolen and (generally) broken (physically) in my opinion. As mentioned we use two-factor authentication at work and, while that may justify the problems associated with smart cards, it means that our smart cards would simply be far too valuable if used alone. Bank tokens similarly would be too valuable to use alone. Think about how credit cards have PINs because if they didn't a pickpocket could easily wipe out your account before you get to the next station, for example.