Heartbleed and SuperGenPass

After an older post of mine a colleague pointed out SuperGenPass to generate different passwords for each service out there from a single master password and the domain name in use. The idea was interesting, especially since it’s all client-side, which sounded very appealing to me.

Unfortunately, it didn’t take long for me to figure out a few limitations in this approach; the most obvious one is of course Amazon: while nowadays the login page even for Audible is hosted at the amazon.com domain, the localized stores still log in on, e.g., amazon.co.uk, but with the same password. Sure it’s easy to fix this, but it’s still a bit of a pain to change every time.

Also, at least the Chrome extension I’m using, makes it difficult to use different passwords for different services hosted at the same domain. You have an option to enable or disable the subdomain removal, so if you disable it, you’ll get different passwords for http://www.example.com and example.com (unlikely to be what you want) while if you enable it, you’ll get the same password for forums.gentoo.org and bugs.gentoo.org (which is not what I want). Yes you can fix it on a per-service basis, but it adds to the problem above.

The last bother in the daily usage of the extension, has been with special characters. SuperGenPass does not, by default, use any special characters, just letter (mixed case) and numbers. Which is perfectly fine, unless you have a website that stupidly insists on requiring you to use symbols as well, or that requires you to use (less stupidly) longer or (insanely stupidly) shorter passwords. You then have to remember.

All three of these complains mean that you have to remember some metadata in addition to the master password: whether you have to change the domain used, whether you’re using subdomain removal or not for that particular service, and whether you have to change the length, or add special characters. It partly defeats the purpose of having a fully stateless hashing password generator.

There is also one more problem that worried me much more: while it makes it so that a leak from a single website would leak your base password for everything else, it does not entirely make it impossible. While there’s no real way to tell that someone is using SuperGenPass, if you’re targeting a single individual, it’s not impossible to tell; in particular, you now know I’ve been using SGP for a while, so if a password for an account named Flameeyes gets leaked, and it looks like an SGP password, it’s a good assumption that it is. Then, all you need to do is guess the domains that could be used to generate the password (with and without subdomain removal), and start generating passwords until you get to the master password used to generate that particular site password. Now you just need to have an educated guess to the domain you’re going to try login as me, and you’re done. And this is with me assuming that there is no weakness in the SGP algorithm — crypto is honestly too hard for me.

And now there is heartbleed — go change all your passwords, starting from xine. But how do you change your passwords when you have them generated? You have to change your master password. And now you have to remember if you changed the password for a given service already or not. And what happens if one of the services you’re using has been compromised before, such as Comixology? Now you have three different master passwords, if not more, and you’re back to square one, like SGP was never used.

So with all this considered, I’ve decided to say goodbye to SGP — I still have a few services that have not been migrated – but not those that I’ve named here, I’m not a moron – but I’m migrating them as I got. There are plenty of things I forgot I registered to at some point or another that have been mailing me to change their password. I decided to start using LastPass. The reason was mostly that they do a safety check for heartbleed vulnerabilities before you set up your passwords with them. I was skeptical about them (and any other online password storage) for a long time, but at this point I’m not sure I have any better option. My use of sgeps is not scalable, as I found out for myself, and the lack of 2FA in most major services (PayPal, seriously?) makes me consider LastPass as the lesser evil for my safety.

Apple’s TouchID — A story of security, or convenience?

Everybody today seems to be either panicking or screaming murder at Apple because of the “revelation” by the CCC that TouchID – the new fingerprint-scanning technology in the iPhone 5S – is extremely easy to bypass. I find this both non-news and actually quite boring.

So first of all, what is this about? Well, basically it’s possible to lift someone’s fingerprint out of a glass or something, and then use that to reproduce a copy of the fingerprint, and use that to unlock the phone. I would argue that it’s probably possible to lift the fingerprint out of the phone itself, if you really want.

Why am I not excited by this method like it was a new discovery? Simple, because MythBusters used the same idea back in 2006 to work around a fingerprint-based lock. And even at that time it turns out that the fingerprint scanner from the lock, which was actual physical security, was less picky than the one from an USB device. Not surprising, as it looks like the lock only had an optical scanner.

Please don’t get me wrong, CCC did the right thing, it’s just that I don’t think it’s a new technique as some people try to paint it.

So, if TouchID is this easy to bypass, is it a completely useless move from Apple? Or, as some paranoids seem to tell it, is it a willing move from Apple to make their users less secure so that governmental agencies can more easily get data out of phones? Well, one thing is for sure: it’s not a more secure method than the PIN lock that has been available up to now.

On the other hand I’m not that quick to ascribe all of this to malice, as many do. Nor to incompetence. The problem is that the choices are not between PIN and TouchID — the choices are between PIN, TouchID and absolutely nothing, and a lot of people have been decider for the latter, because of the trouble into putting in a 4-digits PIN every time you want to use the phone. Yes I know, and most of you readers know, that an unlocked phone is an idea that goes into the absolutely stupid, but most people use iPhone because they want something that does not get in your way, as Android can easily do.

*I don’t use an iPhone, although I do have an iPad, which I use less and less, and an iPod Touch by which I swear. I need the flexibility of Android.*

Security conscious people are unlikely to move away from PIN – so their security is not going to be compromised, although I would have liked more than 4 digits – but people who were not using a PIN before, because too inconvenient, are more likely to use TouchID now. Which improve their general privacy.

A similar concept comes up if you look into passwords management: using a password manager/wallet is an option but you still have to come up with passwords. What most people realistically do, is to use always the same password, because it’s convenient. And extremely insecure.

On the other hand you have solutions like (SuperGenPass)[http://supergenpass.com/] that generates passwords out of a master password and the domain name. This is the solution that a colleague of mine suggested to me and that I’ve been using now for a while. It’s still not perfect security: if an attacker gets a hold of hashes and can get to the password through rainbow-table, it’s still possible to recover the master password.. it’s much harder for the attacker in that case since you need multiple rainbow tables. And that’s supposing that they can identify the SuperGenPass users at all.

Here’s it what it boils down to: will TouchID make it so inconvenient to iPhone thieves on the street to try taking your phone on the go, compared to no PIN locking at all? Yes, most likely. Which basically means that its target was reached. Will it prevent sophisticated thievery, or more targeted attacks? No, but a 4-digits PIN is unlikely to be much better, as you have just so many combinations.