Re: Salsa update: no more "-guest" and more

To: debian-devel@lists.debian.org
Subject: Re: Salsa update: no more "-guest" and more
From: Russ Allbery <rra@debian.org>
Date: Sun, 26 Apr 2020 17:25:36 -0700
Message-id: <[🔎] 87wo6122rj.fsf@hope.eyrie.org>
In-reply-to: <[🔎] 871ro93hmm.fsf@hope.eyrie.org> (Russ Allbery's message of "Sun, 26 Apr 2020 17:19:13 -0700")
References: <20200418213339.GB32260@waldi.eu.org> <[🔎] 8555e1c9-2ae9-fc7e-8278-4e4e1bf1b0f1@bzed.de> <[🔎] 20200425164941.4nrgwu636mk564y5@shell.thinkmo.de> <[🔎] B4960B93-DB48-469A-A2A2-6E2D7383D219@bzed.de> <[🔎] 1aa1982f-e333-df39-121c-b7d0ceecaf3c@debian.org> <[🔎] 45946438-59a6-f2f3-98b0-3610c4982441@bzed.de> <[🔎] b8e504e4-5281-5833-750f-f613b26136b4@debian.org> <[🔎] de5ebb9f-a729-f0ae-653a-2053ef7fd8cd@bzed.de> <[🔎] d8e1363e-59e3-5925-c403-a6f0cc7dac49@debian.org> <[🔎] 871ro93hmm.fsf@hope.eyrie.org>

Russ Allbery <rra@debian.org> writes:

> That's effectively what a password manager simulates, albeit trading off
> local secure storage for convenience while limiting the strong passwords
> someone has to memorize to one.  I would argue that the only functional
> difference between a properly-configured password manager and using TLS
> client certificates is that password managers have better UI.  (Which is
> important!)

On re-reading this (which I should have done before sending it rather than
afterwards), I left out some context that made this statement look too
sweeping.  I meant that a password manager with random passwords and
client TLS certificates look similar in their security properties for a
user: you enter a password to unlock a secure store and then some opaque
blob in that secure store is used to authenticate.

Obviously, passwords (assuming no special crypto magic) are effectively
bearer tokens whereas TLS client certificates use asymmetric crypto, so
TLS client certificates are better than password managers for all the
normal reasons why asymmetric crypto is better than bearer tokens (defense
against man-in-the-middle eavesdropping, primarily).  My very rough
understanding of PAKE schemes (which may well be wrong) is that they
effectively turn passwords into asymmetric crypto, thus bringing them
closer to TLS certs except with a fairly weak asymmetric key.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

Reply to:

References:
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Bastian Blank <waldi@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Salsa update: no more "-guest" and more
Next by Date: Re: Salsa update: no more "-guest" and more
Previous by thread: Re: Salsa update: no more "-guest" and more
Next by thread: Re: Salsa update: no more "-guest" and more
Index(es):
- Date
- Thread