Ben Laurie blathering

What Does “Unphishable” Mean?

About a week ago, I posted about password usability. Somewhere in there I claimed that if passwords were unphishable, then you could use the same password everywhere.

Since then, I have had a steady stream of people saying I am obviously wrong. So, let’s take them one at a time…

…as long as the password I type in there is send over (encrypted of course) to the backend and recoverable there as plaintext password, you have to trust it is stored/used securely there.

This does assume that everywhere you use it actually secures your password, and doesn’t just store it as plain text.

…there are many attacks to finding your password — an administrator at Facebook could look it up in the password database…

OK, OK, that’s three, but they say the same thing. This one is easily dismissed – obviously if we are using an unphishable protocol the password is not sent at all and it is not kept in Facebook’s database. If it were, then clearly a phisher would easily be able to get your password once he tricked you into typing it in on his site.

Even with perfect or near-perfect hardware, somebody will always find a way to game the system via social engineering.

Don’t forget that we are in a utopia here where users only ever type their passwords into the unphishable password gadget. I think it’s pretty reasonable to assume that if we’ve trained users to do that, we have also trained them to never reveal their password at all anywhere else, including in person, over the phone, via video-conference or during a teledildonics session. Yes, this does mean changing the world, but … utopia, remember?

Mythical crypto-gadgets simply won’t save the day. All somebody has to do is replace your crypto-gadget with an identical-looking crypto-gadget of their own making and now it becomes the new “password” input field that is so phishable

This seems to be more a criticism of the idea that we can ever get to the password utopia, which is a fair comment, but doesn’t make my argument incorrect. I will offer, though, hardware devices (such as the one I wrote about recently) as an answer. Clearly much harder to replace with “an identical-looking crypto-gadget of their own making” than software.

There is also the notion of the “trusted path” which, if anyone ever figures out how to implement it in software, would make such a replacement equally difficult even if we don’t use hardware. However, if you read the Red Pill/Blue Pill paper, you’ll see I don’t hold out much hope for this.

you could have a weak password that the hacker could attack via brute force

This one is actually correct! Yes, it’s true that an unphishable password must be strong. Clearly no system relying solely on a password can defend against an attacker guessing the password and seeing if it works. The only defence against this is to make it infeasible for the attacker to guess it in reasonable time. So, yes, you must use a strong password. Sorry about that.

The primary reason one should not use the same password everywhere is that once that password is discovered at one location, then it can be reused at other locations

I feel that we’re veering off into philosophy slightly with this one, particularly since, in the same post, Conor says

I also look forward to being able to login once at the start of my day and maintain that state in a reasonably secure fashion for the entire day without having to re-authenticate every few minutes

which is an interesting piece of doublethink – surely if whatever provides this miraculous experience (one I also look forward to) is compromised then you are just as screwed – so wouldn’t the argument be that I should have a large number of these things, which I have to log into separately?

Nevertheless, I will have a go at it. In our utopia, remember, our password is only ever revealed to trusted widgets (whether hardware, software or something else is immaterial). This means, of course, that the password can’t be “discovered at one location” – this is the nature of unphishability! Therefore, I claim that the criticism is a priori invalid. Isn’t logic wonderful?

I don’t follow.

Because I can’t be fooled into divulging some credential where I shouldn’t means that it is appropriate that I use it everywhere? Are there not other attack vectors that would drool at the thought?

I include this for completeness. Clearly, this is a rhetorical device. When Paul comes up with an actual attack, rather than suggesting that there surely must be one, I shall respond.


Conversely, that the fact that I can use the same credential everywhere is somehow a necessary aspect of ‘unphishability’?

Indeed it is. If it were unsafe to use the same credential everywhere, then the protocol must somehow reveal something to the other side that can be used to impersonate you (generally known as a “password equivalent” – for example, HTTP Digest Auth enrollment reveals a password equivalent that is not your password). This would make the protocol phishable. Therefore, it is a necessary requirement that an unphishable protocol allows you to use the same password everywhere.

Even more finally, for those whose heads exploded at the notion that I can log in with a password without ever revealing the password or a password equivalent, I offer you SRP.


  1. There’s a catch, as always. More in my blog:

    Comment by Radovan Semancik — 4 Dec 2008 @ 11:12

  2. Why have one password that you use everywhere?
    You’re jumping over the “need” and going straight to the solution, the need is surely to only have to remember one password.

    If you propose a “gadget” to make passwords unphishable why not have that gadget translate your one human memorable password into separate random, strong passwords. And have it manage the whole process for you, when you present your one memorised password.

    Personally I use firefox remember passwords to remember website usernames and passwords for me, I only have to remember the one I type into firefox. More often than not I have to look them up in firefox if the url of the log-in page has changed because I don’t even bother trying to remember them any more.

    Make that web password gizmo a general password gizmo and I’ll by one (or download the community version at least!), but be careful you don’t invent microsoft passport, just because I’m lazy doesn’t mean I want a police state either.

    Comment by danny — 4 Dec 2008 @ 18:11

  3. […] LinksThe Rest I Just Squandered « What Does “Unphishable” Mean? […]

    Pingback by Links » Making No Sense — 4 Dec 2008 @ 20:27

  4. Ideally in this utopia a users one password is also something they can’t forget, lose, or give away; something that’s unique to them, eg. dynamic biometrics.

    In part of my ‘classical’ utopia I envision reconfigurable gadgets that learn user metrics through challenges over time, throwing away the individual biometrics, while maintaining the dynamic one. Reconfigurable in all ways, because if any one electronic component in the device is compromised, the other components from different manufacturers can be used for byzantine fault tolerance. Thereby not relying on any one manufacturer, component, nor single piece of software that reconfigures the reconfigurable devices. The only single points of failure at the gadget level are then the user themselves and the network. And those users have a genetic history, so even they are not really a single point of failure. 🙂

    The network then becomes the point of failure. So make that wireless and content-centric, and store all of your identity encrypted in the cloud, interfaced with the initially dumb reconfigurable cloud gadgets. tada.

    I’m just not sure how a gadget with compound screens, cameras, keyboards, microphones & every other component would go down. 🙂

    Comment by Craig Overend — 4 Dec 2008 @ 21:14

  5. Danny, one difference that springs to mind is that if your device stores those strong passwords of yours then it seems like someone could get hold of it and brute force the device directly. With the device Ben has been talking about the passwords, unless I’m missing something, are never stored… if they want to break it they have to brute force the device when connected to a service you use, leaving them with more latency (less reasonable time-frame to crack) and a much higher chance of getting caught. I’m tired and have a headache though so my logic might be b0rked.

    Comment by Rich — 6 Dec 2008 @ 23:15

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress