[153987] in North American Network Operators' Group


Re: LinkedIn password database compromised

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Wed Jun 20 15:44:26 2012

Date: Wed, 20 Jun 2012 12:43:44 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <4FE224F2.5020002@armoredpackets.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



In a message written on Wed, Jun 20, 2012 at 03:30:58PM -0400, AP NANOG wrote:
> So the question falls back on how can we make things better?

Dump passwords.

The tech community went through this back in oh, 1990-1993 when
folks were sniffing passwords with tcpdump and sysadmins were using
Telnet.  SSH was developed, and the problem was effectively solved.

If you want to give me access to your box, I send you my public
key.  In the clear.  It doesn't matter if the hacker has it or not.
When I want to log in I authenticate with my private key, and I'm
in.

The leaks stop immediately.  There's almost no value in a database of
public keys, heck if you want one go download a PGP keyring now.  I can
use the same "password" (key) for every web site on the planet, web
sites no longer need to enforce dumb rules (one letter, one number, one
character your fingers can't type easily, minimum 273 characters).

SSL certificates could be used this way today.

SSH keys could be used this way today.

PGP keys could be used this way today.

What's missing?  A pretty UI for the users.  Apple, Mozilla, W3C,
Microsoft IE developers and so on need to get their butts in gear
and make a pretty UI to create personal key material, send the
public key as part of a sign up form, import a key, and so on.

There is no way to make passwords "secure".  We've spent 20 years
trying, simply to fail in more spectacular ways each time.  Death to
traditional passwords, they have no place in a modern world.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
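The challenge-response login the post describes, as an added example that is not Leo's code or any project's: the server's whole "password database" is a map of public keys, a login is a signature over a fresh random nonce, and a copy of that database gives an attacker nothing to log in with. Ed25519 and the 32-byte nonce are assumptions; the post only says "public key" and "private key".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server keeps public keys only. This is the entire credential store,
// and leaking it does not let anyone authenticate.
type Server struct{ pubkeys map[string]ed25519.PublicKey }

func NewServer() *Server { return &Server{pubkeys: map[string]ed25519.PublicKey{}} }

// NewKeyPair stands in for the client-side key UI the post asks for (assumed Ed25519).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Register is the sign-up step: the public key is sent in the clear.
func (s *Server) Register(user string, pub ed25519.PublicKey) { s.pubkeys[user] = pub }

// Challenge issues a fresh random nonce so a captured signature cannot be replayed.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Sign is the client side: prove possession of the private key for this nonce.
func Sign(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// Login verifies the signature with the stored public key; no secret is ever stored.
func (s *Server) Login(user string, nonce, sig []byte) error {
	pub, ok := s.pubkeys[user]
	if !ok || !ed25519.Verify(pub, nonce, sig) {
		return errors.New("authentication failed")
	}
	return nil
}

func main() {
	srv := NewServer()
	pub, priv, _ := NewKeyPair()
	srv.Register("leo", pub) // constructed sample user
	nonce, _ := srv.Challenge()
	fmt.Println("holder of private key:", srv.Login("leo", nonce, Sign(priv, nonce)))
	// Someone holding only the leaked public-key database cannot produce a signature.
	fmt.Println("holder of leaked db:  ", srv.Login("leo", nonce, make([]byte, ed25519.SignatureSize)))
}
```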


