lexd0g,

holy fucking shit bitwarden finally got passkeys

kkarhan,

@lexd0g are an to me when & exist...

lexd0g,

@kkarhan i think both work fine but passkeys are infinitely more convenient

kkarhan,

@lexd0g I disagree sincerely!

ljrk,

@kkarhan @lexd0g Why is that? It's standardized public/private key crypto for the Web. Nobody would use Password auth for SSH anymore but we do for the Web... the problems are huge and TOTP doesn't address most of them.

  1. Passwords are sent unencrypted. Yes, there's TLS, but secret reaches the server and it's in plain there!
  2. That means you can easily phish them
  3. Also you need to trust the server to actually hash (with a proper hash) and salt the passwords. Also protect the DB. Most don't do this properly.
  4. TOTP is just as phishable. Of course it's only valid for 30s, but that's enough.
  5. In case of data leaks of the TOTP seeds, people can simply break-in as well. Passkeys aren't compromised even if the server's DB was dumped!

...

What's the problem with pub/priv key auth suddenly?

kkarhan,

@ljrk @lexd0g

  1. not necessarily...
    You could make the client hash it.

  2. Phishing is a human problem, not a technical problem! You can't fix human behaviour with technology, but only through education and awareness training.

  3. You'd always have to trust a provider, so use different logins for every provider!

  4. Same as with 2.

  5. Same as with 2 & 3.

The problem is not Pubkey-based auth, we had that for ages with PGP and SSH.
I just don't see the added value compared to those...

ljrk,

@kkarhan @lexd0g

  1. Yes, but that wouldn't matter because I could then MITM the hash and just send that. Also, nobody does that (there are even reasons against that).

  2. Nope, it's very much a technical problem, and indeed awareness is incredibly ineffective. It's technical, because phishing exploits the human-machine interface: Passwords are something we humans "understand" and have an intuition for. Unfortunately that intuition is incredibly wrong when applied to computers (what is a complex password?). Passwords are a security UX fail because they offer unnecessary fault lines for humans to trap into. Compare it to ambiguous user interfaces or bad designs: Of course you can try to train people to use them properly, but you just also could make the interface better suited for humans.

Also, passkeys can't be phished (or tell me how :-p)

  3. With Passkeys you don't need to trust the provider to secure the DB properly, so no. Also, you again put the burden on the user. Let the computer generate the keys and you have higher entropy and automatically unique credentials.

  4. You may argue so, but then TOTPs don't add only negligible security (which is actually true). They're almost useless.

  5. As I said, with Passkeys you don't need to trust the provider.

ljrk,

@kkarhan @lexd0g The added value is that passwords are an incredibly hard problem. Not only because of the Human-Computer-Interface thing. But also from a cryptography PoV. Every cryptographer worth their salt (pun intended) will push against passwords. They are incredibly bad entropy, password hashing is crazy hard. Like, even the Password Hashing Competition did it wrong (they say that themselves): Instead of actually selecting a good hashing function they chose a good KDF. Which is mathematically similar but actually has different properties you want in terms of computational hardness and timing stability. argon2id is actually not that good for hashing – but it's still recommended everywhere because of the PHC results. And despite the PHC jury trying to push against it after they've realised their errors.

Passwords are really a bad concept to begin with, but they're worse when mixed with computers and cryptography.

Also RE added value: They are definitely more secure than passwords, but also: They don't "lose" value compared to them either. So why should they be an anti-feature?

And SSH keys are nice and WebAuthn isn't much different. PGP is horribly broken though (different story).

kkarhan,

@ljrk @lexd0g

Then we should normalize using PGP & SSH instead of making an "OTP but worse" solution...

Which brings me back to the point that people are the problem.

ljrk,

@kkarhan @lexd0g But that's basically what it is? SSH for the web? Of course some choices are slightly different but that's because the threat model is slightly different.

That being said, what's the basis of "OTP but worse"? If anything, it's the opposite. OTPs do virtually nothing for security in any real-world setting. It's a phishable 2FA (thus defeating the point of it) that's also based on a shared secret, a crappy idea to begin with.

So I ask again: What's your problem with WebAuthn? Why is it supposedly worse than OTP? You agree that SSH for the web would be good and then declare it as worse than OTP. That's absurd.

And no, not people are the problem. IT Security is just obscure. Passwords are obscure. It's crazy complex to secure passwords, to understand all the threats behind them. They cannot be deployed safely except for locally generating encryption keys which then are used to derive or decrypt actual auth credentials. Like, literally what passkeys are. Or exactly like encrypted SSH keys work.

kkarhan,

@ljrk @lexd0g It's worse because brick a lot of workflows and systems as an addon-layer instead of fixing the core problem.
And the core problem is that , , and are just "Afterthoughts" at best for all but the most .

Using i.e. encryption and login on everything [and not as a "password replacement"] would be a way better fix.
Just like @torproject does a self-signing namespace on .

Again, not perfect but better than !

ljrk,

@kkarhan @lexd0g @torproject It's not an add-on layer, though?! It's a replacement. And it's all we want: A simple protocol (PGP doesn't even specify a protocol), a simple key format (OMG, PGP is so bad here), strong defaults (don't get me started on PGP) and just sane cryptography for one specific use case.

And as I said, it's not about tech literacy: Passwords cannot be done securely. There's not enough entropy, hashing before sending does not(!) help, people have misconceptions about passwords and how auth with passwords works (yes, the password is sent to the server!) and you have to trust the server at all. All of those aren't necessary from a technical standpoint. It's not about solving human problems with technology but actually getting rid of artificial problems induced by bad tech.

That being said, Passkeys are just like PGP for everything, except without the bad parts! It's less in many ways (less garbage) and more in those ways that PGP doesn't solve (key management).

And Passkeys... aren't SSL? What went wrong here?

kkarhan,

@ljrk @lexd0g And yes, I know that are bad but besides & there is no good way to authenticate that isn't like a / - like or some confirmation message...

don't make people more and actually learn how to use a |s or exercise of Keys...

Nor do they save the problem that platforms / logins don't do basic behaviour-based protection against just spamming credentials or irregular patterns.

ljrk,

@kkarhan @lexd0g First, Passkeys are just like SSH but designed for Web login flows. If you say "I want SSH but for the Web" – that's Passkeys!

And no, TOTP does not actually help you there. It's broken. It tells you it's secure when in reality it's not. It's completely beside any relevant threat model. It's a shared secret, it's dead in the water. Jeez, I hack orgs for a living. Passkeys ruin my day and that's a good thing. Also they ask for a confirmation.

Tech Literacy is one thing. But we don't need people to be literate about broken technology. It's like demanding people know about one's complement or heaven's gate to use a computer. Don't know what that is? Well, bad luck, you're not tech literate.

Also: Spamming creds against Passkeys? Try brute forcing them lol... it's just not needed anymore. You don't need all that crap once you have decent auth!

kkarhan,

@ljrk @lexd0g I think forcing people to learn actual encryption and tech would be better...

Whilst Passkeys can't be phished once established, the whole TOFU setup OR Key Custody issues still exist until it's set up.

And considering how hard it is to convince people to exercise proper ITsec and encrypt their shit see [/MIME on ] I think forcing people to learn absolute basics will work far better.

Especially since a can't protect against by ...

kkarhan,

@ljrk @lexd0g We live in a world where millions of people don't think twice before logging in on their Online Banking whilst a stranger with bulk access to their machine via a remote support tool claiming to be a rep from Amazon is watching them and that don't even think twice when said scammer pulls some cheap XSS on the UI to convince someone to wire thousands to said scammer...

Awareness about works...

kkarhan,

@ljrk @lexd0g
And yes, I think that instead of Passkeys we should've yeeted SSL for PGP as this would've made login-bruteforcing like with more resource-costly, slower to do and more likely to get caught early on.

Would've prevented that?

No, because the problem was that people used THE SAME LOGIN CREDENTIALS ACROSS SITES!!!

ljrk,

@kkarhan @lexd0g Yes it would. Because they wouldn't. They wouldn't be able to. Because Passkeys are unique. You generate one keypair per site – end. You prevent the user from even making the mistake. If you have an application that has a button for "detonate nuclear bomb" next to "save document" the solution is not to train the user but to get rid of the fucking button.

Also, brute forcing would've been impossible either, even better than PGP because the crypto is actually selected to be timing side channel resistant and conform to other properties that were irrelevant for PGP.

Look, you obviously don't know how Password auth works if you think they hash passwords before sending or that this would help. Nor how Passkeys work if you think they are the same cred for multiple sites.

Which, kinda ironic, if you say we need more tech literacy. Because sorry, you don't know shit. You're so painfully wrong in your basic, technical, assumptions about authentication primitives, it hurts. Please, I beg you, go learn how password auth works. Idk, try the Portswigger Labs or something.

ljrk,

@kkarhan @lexd0g Also... SSL for PGP? SSL isn't less resource costly than PGP ffs, it's a completely different tech for a different use case though. It's... wildly different, like, not at all comparable.

Except for cryptographic strength where current SSL just... is actually quite good.

kkarhan,

@ljrk @lexd0g The problem is that is trivial to & and doesn't require a malicious actor on -side to create their Pubkey at a similar computational cost,

And PGP would solve the whole issue more elegantly - just like with eMail encryption!

ljrk,

@kkarhan @lexd0g What?! First off, what has DoS to do with brute force and also with login/authentication (there's of course SSL based logins but those are usually only employed company internally if at all). Second, that issue is nothing that PGP would solve... because that stuff is not specified in PGP. PGP doesn't even attempt to solve the problem.

Neither does PGP solve encrypted communication. It turns it into a key management problem instead. You know, the hardest problem in crypto. Which, btw., again a lot of infosec pros DO WRONG.

And if you don't know how Passwords work (which, you proved, you don't) then I don't trust you with PGP.

kkarhan,

@ljrk @lexd0g Again: Think of me what you will, but if I were wrong we'd not have this conversation because I'd not be able to reply.

And yes, if we can't trust people to store their passwords correctly, why should we trust them to do so with passkeys?

Like when it's trivial to cookie-steal shit and/or RAT people then the problem ain't passwords or passkeys but clicking every shit, using that is trivial to lace with and lack of proper being setup.

ljrk,

@kkarhan @lexd0g What? Of course you can reply without understanding how Passwords work?!

Servers don't need to store Passkey secrets – problem alleviated.

Clients don't need to send Passkey secrets – problem alleviated.

You don't need to trust them to do things correctly IF THEY CANNOT DO IT WRONGLY.

You're now just throwing random stuff at me that's only barely related. Ffs I hack people for a living, I KNOW how to phish, how to inject code how to whatever. And shit ain't working for Passkeys.

Except if you do something completely different, more complicated path of exploitation. Which, you know, proves that Passkeys actually made things safer.

Also, 2FA won't save you. I wrote it once, twice, and it still is correct as written. You didn't address ANY of my technical points, but you displayed a shocking amount of technical illiteracy and misconceptions about basic things I'd expect anyone to know who should've a say on this. We decry politicians who act without knowing things and yet, you are here, talking about stuff you are technically inept and incapable of understanding.

kkarhan,

@ljrk @lexd0g then where's the term sheet to sign to get you frustrated attempting it on me?

OFC I know it's not for free...

But I'd love to make a point that I am not the problem but shitty providers are...

ljrk,

@kkarhan @lexd0g Give me a technical reason how I wouldn't be able to phish TOTPs or how they provide any substantial security against phishing.

Also, ask my company, but I'll bet we won't take on such a small contract, and I don't bother in my free time. You showed your tech illiteracy to all the onlookers which is enough for me – the biggest damage prevented.

kkarhan,

@ljrk @lexd0g I disagree with your conclusion in the end for reasons I'm not at liberty to disclose because that's how people get social-engineered into leaking intel.

:troll:

kkarhan,

@ljrk @lexd0g Think of me what you will, but to me |s are a hindrance because we failed to make mandatory the way we did it for cars...

https://todon.eu/@ljrk/111542058147169160

ljrk,

@kkarhan @lexd0g Obviously PGP didn't either because you don't know how Passwords work, nor how SSL works and how PGP is something completely different. Tech Literacy had failed you badly.

kkarhan,

@ljrk @lexd0g SSL is trash because it requires value-removing middlemen aka. CAs to work and the inherent structures in IT cockblocked community-based CAs like for digital philanthropy aka. @letsencrypt / ...

SSL is systemically bad and unfixable per design - period.

I don't see the added value of Passkeys over API-Keys, Login-Cookies and proper Login Management...

ljrk,

@kkarhan @lexd0g All things that PGP doesn't fix :-)

Great, you don't see the added value of Public/Private Crypto over... wait ... shared secrets? Well, take a class in cryptography 1×1 then.

kkarhan,

@ljrk @lexd0g did so ages ago.

Would love to challenge your skills then... ^^

https://todon.eu/@ljrk/111542164550482549

kkarhan,

@ljrk @lexd0g and no, fixes the issue to one only needing to trust one person at a time and not some corporation to be a front for some cybercriminals and OS/Browser vendors to do their due diligence...

Call me paranoid but I only trust people, not orgs or corporations!

Because Trust depends on mutuality!

I mean, look at the solutionism that got us ..
https://www.youtube.com/watch?v=s7WDbnHlc1E

https://todon.eu/@ljrk/111542169817238916

ljrk,

@kkarhan @lexd0g Seemed to have failed. If you think Passwords are hashed before sending or that this would do any good.

Or that shared secrets are a good idea.

Heya, I actually did crypto, I teach crypto, I audit crypto, and I supervise theses on crypto. Like, you know, kiiiinda qualified to talk about the topic. Also, I pointed out things you said are completely wrong and you didn't even try to answer that.

kkarhan,

@ljrk @lexd0g

If I can't trust a user/site/app to keep their credentials secure then maybe I should not use them.

OFC one has to use unique credentials per site/app.

Passkeys do the latter, but don't solve the inherent problem of credential/key custody.

ljrk,

@kkarhan @lexd0g I don't talk about securing. You said they were hashed before sending. Which is just wrong.

Sure, Passkeys enforce that. They also make it trivial to manage credentials.

kkarhan,

@ljrk @lexd0g If a site doesn't hash passwords prior to sending them then they're bad.

And yes, then all sites are bad.

That's because the entire Web Tech Stack is bad and a cobbled-together mess...

ljrk,

@kkarhan @lexd0g NO. a) because it doesn't improve security. I just MITM the hash.

b) No, because it is actually harmful in some ways.

And no, it's because people actually know stuff, BUT YOU DON'T.

ljrk,

@kkarhan @lexd0g FFS if you C do:

C: SendTo(S, Hash(PW))

then the MITM E just writes down the sent hash H. And to attack:

E: SendTo(S, H)

Done. You're in.

Hashing doesn't help here. Nor does deterministic encryption. STFU and learn.

kkarhan,

@ljrk @lexd0g Nor does Passkey help the fact that most attacks that are successful are done by socially engineering people into doing incredibly stupid and bad things...

It's just another layer of FlexTape instead of fixing the root cause!

kkarhan,

@ljrk @lexd0g Again: #Passkeys either don't solve issues or don't provide any benefit to the use-cases I know of.

They only complicate things whilst not improving the situation in general because at the end of the day, people are the problem.

#EOD
#thxbye

ljrk,

@kkarhan @lexd0g Okay, you just go in turns:

  1. Spew wrong stuff
    1a. I correct it
  2. You talk other stuff that's not related
    2a. I correct it
  3. Repeat stuff from (1) without addressing (1a)

But yeah, you cannot know how they make things better if you don't actually understand how attacks work nor how passwords work :-)

lexd0g,

@kkarhan @ljrk @letsencrypt ...api keys?

kkarhan,

@lexd0g @ljrk yes, when you authorize something to something and only that...

and it works!

ljrk,

@kkarhan @lexd0g As I said: Passkeys are also JUST FOR ONE SITE. They're not and cannot be used for different sites. They cannot be reused. FFS.

kkarhan,

@ljrk @lexd0g Yeah, but then they don't provide me as a user with any benefit that using a password manager with unique credentials didn't provide me already except bricking auth for stuff that doesn't do passkeys...

ljrk,

@kkarhan @lexd0g Anything that's outside your control doesn't matter anymore: Server password DB dumps for example.

That being said, yes, they don't improve security for those who... already do all things right. Which, yeah, sure, that's not the point.

Also, I still wonder what is "bricked" but I'd probably regret asking.

kkarhan,

@ljrk @lexd0g

You don't know what "bricking" is?

😲 :blobcatsurprised:

ljrk,

@kkarhan @lexd0g I do know what bricking is. I wonder what THING is bricked by Passkeys.

kkarhan,

@ljrk @lexd0g everything that uses API-Keys and/or User/Password logins.

Good luck trying to implement #Passkeys for logging into a machine i mean physical, [#SSH doesn't count!]...

Like I'd rather use #TOTP / #HOTP / #FIDO2 /#U2F instead and just chug a @nitrokey in to unlock a boot drive...

lexd0g,

@kkarhan @ljrk @nitrokey aren't nitrokeys a form of passkeys lol

kkarhan,

@lexd0g @ljrk @nitrokey yes. :troll:

ljrk,

@lexd0g @kkarhan Nitrokeys are FIDO2 hardware tokens and can store multiple discoverable FIDO2 credentials (aka Passkeys) or 1 non-discoverable FIDO2 credential that can be used for multiple different sites by using site-specific seeds.

But yeah, you can use them everywhere where Passkeys can be used.

ljrk,

@kkarhan @lexd0g @nitrokey WTAF?

  1. API-Keys still work.
  2. Physical access is out of scope (for good reason) for Passkeys. You can (and will) still use passwords for that because surprise different attack vector.
  3. You can use FIDO2 everywhere where Passkeys work because... Passkeys are FIDO2 tokens
  4. You can do that.

So no, Passkeys don't brick anything because everything you claimed they brick they aren't used for.

kkarhan,

@ljrk Then I can't use Passkeys anyway - EOD!

ljrk,

@kkarhan Great, so they're not an anti-feature because they don't actually apply to you. Good that that's settled!

kkarhan,

@ljrk Eeyupp...

ljrk,

@kkarhan Also, I didn't say, "your company is too small for us". But we don't do absurd small scale engagements just to prove a point (not even for Deutsche Glasfaser ;D). That isn't the kind of contract we're looking for. But I can give you a number of companies who'd gladly prove you wrong. Expect bills of around 1.8k per day, which should be easily in budget of course.

kkarhan,

@ljrk Well, I see you're able to find the precisely placed OSINT...

And no, if anything I'd consider calling your employer [unless you explicitly don't want to, which I'll respect OFC] if need be because you didn't fail the test...

lexd0g,

@kkarhan @ljrk isn't that literally the same thing as passkeys

kkarhan,

@lexd0g @ljrk no, it's a shared secret.

ljrk,

@lexd0g @kkarhan Nah, Passkeys are actually a pub/priv keypair that's created per site. That means strong crypto by spec rather than... whatever the server did. Also, the server only stores the public portion and not the private version (unlike shared secrets). Further, you never send the private version to the server (unlike shared secrets).

Sounds a lot better with less failure modes? Well, yeah, because it is.
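
Added example (not written by anyone in this thread): the `SendTo(S, Hash(PW))` replay sketched earlier in the thread, next to the per-site key pair described in the post above, modelled with Node's built-in crypto. It is a simplified model, not the WebAuthn wire format; the origins, class names and the `challenge|origin` message layout are assumptions made for the illustration.

```javascript
const nodeCrypto = require('node:crypto');

const ORIGIN = 'https://login.example';         // constructed relying-party origin
const LOOKALIKE = 'https://login-example.test'; // constructed look-alike origin

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

// Scheme A: the client sends Hash(PW); the server compares it with its stored copy.
// Whatever crosses the wire is the credential, so the hash is just another password.
class HashLoginServer {
  constructor(password) { this.stored = sha256(password); }
  login(sentHash) {
    const a = Buffer.from(sentHash, 'hex');
    const b = Buffer.from(this.stored, 'hex');
    return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
  }
}

// Scheme B: the server stores only a public key and issues a fresh challenge per login.
class ChallengeServer {
  constructor(publicKey) { this.publicKey = publicKey; this.pending = new Set(); }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(c);
    return c;
  }
  login({ challenge, origin, signature }) {
    if (!this.pending.delete(challenge)) return false; // unknown or already used
    if (origin !== ORIGIN) return false;               // signed for another site
    const msg = Buffer.from(`${challenge}|${origin}`);
    return nodeCrypto.verify(null, msg, this.publicKey, signature);
  }
}

// Client side: one Ed25519 key pair per origin; the private key never leaves here.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey; // only this half is handed to the server
  }
  // `origin` is the page the user is actually on, as reported by the browser.
  sign(challenge, origin) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential exists for this origin
    const msg = Buffer.from(`${challenge}|${origin}`);
    return { challenge, origin, signature: nodeCrypto.sign(null, msg, key) };
  }
}

function runDemo() {
  // Scheme A: an observer records the value on the wire and sends it again.
  const hashServer = new HashLoginServer('correct horse battery staple');
  const onTheWire = sha256('correct horse battery staple');
  const hashReplayAccepted = hashServer.login(onTheWire);

  // Scheme B: the same observation is useless afterwards.
  const authenticator = new Authenticator();
  const server = new ChallengeServer(authenticator.register(ORIGIN));
  const assertion = authenticator.sign(server.newChallenge(), ORIGIN);
  const firstLogin = server.login(assertion);
  const replayAccepted = server.login(assertion); // same bytes, challenge is spent

  // Recorded signature attached to a fresh challenge: verification fails.
  const spliced = { ...assertion, challenge: server.newChallenge() };
  const splicedAccepted = server.login(spliced);

  // On a look-alike origin the authenticator has nothing to sign with.
  const lookalikeAssertion = authenticator.sign(server.newChallenge(), LOOKALIKE);

  return {
    hashReplayAccepted,
    firstLogin,
    replayAccepted,
    splicedAccepted,
    lookalikeAssertion,
    serverKeyType: server.publicKey.type, // what a database dump would contain
  };
}

console.log(runDemo());
```
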

ljrk,

@kkarhan @lexd0g You don't make a case why awareness would work, but just one how broken tech is. XSS should be a thing of the past by now, we have the technology to safeguard against that 100%. Alas, we don't.

But awareness trainings DON'T WORK. Like, look at the stats. They don't fuckin work.

kkarhan,

@ljrk @lexd0g Now you know why I don't work in tech support...

Because people are the problem - literally!

ljrk,

@kkarhan @lexd0g The problems here are securing passwords and key management. Like, basically the two hardest problems in cryptography that aren't solved yet really and are fields of active research... and you demand that users "understand" them?

No, TOFU virtually doesn't exist because we talk about authentication against an entity you registered at before. If I fake a website and trick somebody into enrolling a new passkey for it when registering... I didn't gain anything besides a useless pubkey. Key custody is mostly a solved problem with password managers + E2E + KDFs from a local password. Which, you know, is how passkeys work.

It's even safe against like most of the social engineering attacks you can realistically drive.

And I'll tell you a story about PGP: There's a lot of vendors who sell encrypted mail as a service, especially in corp contexts. Using PGP. The devs are really amazingly good at their job, they're pros. The software was really good and everything. But there was a bug. You know, because they misused GPG in a tricky way that's totally not obvious. Kill GPG, not even infosec pros often actually use it correctly. You may believe you do, but no, you don't.
