Travis Crump <pretzalz@techhouse.org> [2002-08-16 00:16:31 -0400]:

> This is slightly off-topic, but why are RSA keys considered more secure?

Security has many levels. Nothing is black and white. It is all shades of grey. With occasional splashes of chartreuse!

A password is a single piece of information. Anyone who knows that piece of information may log into a password system. Once the genie has escaped from the bottle, once the password is known, you cannot cause it to be unknown. You can change your password. But if I have gotten there first and prepared proper countermeasures on your system using your old password, then I can know your next new password as you change it.

Sometimes I don't even need to know your password. It might be sent encrypted, but if it is the same each time then I might be able to launch a replay attack using a previous session's responses. (This should sound like web cookies to people here.) Also, just being able to count the characters that go back and forth might enable me to reduce the search space. If I know you are using a five character password then I won't try cracking anything else, and at five characters I can probably do it. If I don't know, then I have many more combinations that I must try in a brute force attack.

People tend to reuse passwords. So the password you use on web site xyz I might be able to use on your computer too.

RSA keys, on the other hand, are more than just one thing that you know. It is something you know, the passphrase on your private key, plus something you have, the private key. You always use a passphrase on your private key, right?

The login system is more active, in a challenge-response type of way. The system encrypts a random number block and challenges you, well, your client software, to decrypt it with your private key. If you can decrypt it and send that data block back as a response then you must be who you say you are. Because the challenge-response sequence is random it counters replay attacks. No two logins are ever the same. Plus the keys are much larger than passwords and trying to do a brute force attack against them is more difficult. Even if I think I know your passphrase I still have to get a copy of your private key, which means cracking your system first. If I get a copy of your key, say from a backup tape, but it is protected by a passphrase, then I still can't use it.

> How does it protect you from a user like me who uses RSA keys cause he
> is too lazy to type in his password[and also likes to have scripts using

I assume by this that you do not have a passphrase on your private key.

> ssh in cron] and has minimal security on his desktop[no gaping holes, no
> unnecessary services running, but at the same time no firewall and not
> the greatest passwords] where essentially any compromise of my computer
> would give an attacker immediate access to my accounts on the other
> computers where I have accounts?

Yum! A prime target to crack. You are a person who walks around in expensive clothes with a wallet peeking out of the pocket. You buy lottery tickets at every gas fill. You cross against the light. You are a Virgo. You probably won't be robbed in a good clean neighborhood mall. But wandering at night through a crime-ridden neighborhood is trusting too much to luck. You might not ever be noticed. Or you might be mugged.

If you don't think it is a big deal then I don't either. Many people leave their house key under the door mat and never have any trouble. (However, to pick up the key I must be physically present. To crack your system I can be across the planet using a pseudonym.) If the worst that happens is that your system gets cracked and someone uses you as a spam source, then you can always scrape your hard drive clean and install your OS from scratch. Your ISP probably won't drop you if you convince them you were spamming only because you were clueless and not because of malice. But if that happens, expect me to take actions to protect myself against you, as I would if you were a next door neighbor that never mowed their grass and let their trash blow into my yard.

Among the most desirable machines for crackers are machines known as "cable 'bots", for a distributed denial of service attack. If I can covertly usurp a thousand machines on high speed network connections without their owners knowing, then I can control them all to ping a third party victim machine simultaneously. That machine will be overwhelmed with web requests, pings, ssh connection requests, whatever I desire to bring your system offline. There is no known defense against that type of attack and it has brought large professional sites such as Amazon offline many times.

The point being that on the Internet everyone is a neighbor. It is unneighborly to let your system be used against other neighbors because you allowed it to be cracked.

You say you have no gaping holes and it sounds like you actually have reasonable minimum security. So you are probably okay. But you were also pushing the point, so I decided to respond to that point. I am enjoying the debate.

> Prohibiting passwords would almost seem to encourage this type of
> behavior...

But it prevents the ability of an undesired user to log into a system from across the planet only by guessing your password or obtaining it in some other way. By requiring RSA authentication they *must* have the private key as well. Which, if you take reasonable precautions, is something that they cannot get. It is something you have and something you know.

Bob
Attachment: pgpDJiievfiTH.pgp (PGP signature)
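The challenge-response exchange Bob describes, written out as an added example (this is not code from the original post, and it is not how any ssh implementation does it): the server encrypts a random block under the user's public key, the client decrypts it with the private key and returns the block, and because every login starts from a fresh random block, a response captured from one session is useless against the next. The `Server` class, the `login`/`replay_attack` helpers, and the tiny Mersenne-prime key are all constructed for illustration; textbook RSA with no padding and primes this small would never be used for a real login.

```python
"""Toy challenge-response login with textbook RSA (added illustration)."""
import secrets

# Constructed toy key: two known Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)


class Server:
    """Holds the user's public key and one outstanding challenge at a time."""

    def __init__(self, public_key):
        self.e, self.n = public_key
        self.pending = None       # the plaintext block we expect back

    def issue_challenge(self):
        """Pick a fresh random block, remember it, and send it encrypted."""
        block = secrets.randbelow(self.n)
        self.pending = block
        return pow(block, self.e, self.n)

    def verify(self, response):
        """Accept the login only if the response matches the outstanding challenge."""
        ok = self.pending is not None and response == self.pending
        self.pending = None       # one challenge, one answer: nothing to replay
        return ok


def client_respond(private_key, challenge):
    """What the client does with the private key: decrypt the block."""
    d, n = private_key
    return pow(challenge, d, n)


def login(server, private_key):
    """One complete authentication round trip; True on success."""
    challenge = server.issue_challenge()
    return server.verify(client_respond(private_key, challenge))


def replay_attack(server, private_key):
    """Record one legitimate response, then replay it against a new challenge.

    Returns (first_login_ok, replay_ok). The replay fails because the
    server's next random block is different and the recorded answer is
    tied to the old one.
    """
    challenge = server.issue_challenge()
    recorded = client_respond(private_key, challenge)
    first = server.verify(recorded)
    server.issue_challenge()      # a new, unrelated random block
    return first, server.verify(recorded)


if __name__ == "__main__":
    pub, priv = keygen()
    srv = Server(pub)
    print("legitimate login:", login(srv, priv))
    print("(first login, replayed response):", replay_attack(srv, priv))
    _, other_priv = keygen(p=2**13 - 1, q=2**17 - 1)   # some other user's key
    print("wrong private key:", login(srv, other_priv))
```

Two things the toy leaves out that matter in practice: a client must never hand back raw decryptions of arbitrary ciphertext (SSH protocol 1 returned a hash of the block and session id rather than the block itself, and SSH protocol 2 signs a challenge instead of decrypting one), and the private key on disk should be wrapped with a passphrase so that a copy taken from a backup, as Bob notes, is still not enough on its own.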