
posted by janrinok on Tuesday March 11 2014, @04:57PM
from the It-seems-so-simple dept.

Based on a device called the S-CRIB Scrambler, AnonTechie writes about another use for a Raspberry Pi:

"Can this $70 dongle stem the epidemic of password breaches? Maybe not, but its approach could improve the security of password databases.

Security researchers have developed a password storage system that uses inexpensive hardware to prevent the cracking of passwords, even the most common and weak ones such as '123456', 'password', and 'letmein.'

The S-CRIB Scrambler uses an additional layer of protection over methods many websites use now to prevent mass account compromises in the event a password database is exposed during a site breach, according to a post published Friday on the University of Cambridge's Light Blue Touchpaper blog. Rather than relying solely on a one-way cryptographic hash to represent plaintext passwords, the small dongle performs an additional operation known as hash-based message authentication code (HMAC). The secret 10-character key used to generate the HMAC resides solely on the dongle. Because it's not included in password tables that are stored on servers, the key could remain secret even in the event of a major security breach."

  • (Score: 3) by GungnirSniper on Tuesday March 11 2014, @05:16PM

    by GungnirSniper (1671) on Tuesday March 11 2014, @05:16PM (#14711) Journal

    Why not some nice computer number like 32 or 64?

  • (Score: 5, Insightful) by naubol on Tuesday March 11 2014, @05:30PM

    by naubol (1918) on Tuesday March 11 2014, @05:30PM (#14716)

    So, it just sounds like another form of two-factor authentication when we already have examples of free two-factor solutions that are well tested. Google auth on the phone and battle.net auth from Blizzard on the phone. If you must have a dongle, Blizzard sells one for like 6 dollars I believe?

    Why is this solution superior to those that already exist and are substantially cheaper?

    Also, people will lose their dongles, people might have trouble with using them, and people will get annoyed at having to take an extra step to login.

    • (Score: 1) by dyingtolive on Tuesday March 11 2014, @05:45PM

      by dyingtolive (952) on Tuesday March 11 2014, @05:45PM (#14733)

      My understanding on the way RSA and Battle.net tokens work is that there is a function evaluated on both, the dongle and the server that results in the same key. This looks like it somehow only evaluates on the dongle, and the server has the means of proving true or false, but doesn't actually know the value or how the value is being achieved.

      --
      Don't blame me, I voted for moose wang!
    • (Score: 4, Insightful) by jdccdevel on Tuesday March 11 2014, @06:02PM

      by jdccdevel (1329) on Tuesday March 11 2014, @06:02PM (#14744) Journal

      If I understand correctly, this is for servers, where your passwords are stored, not something you would carry around.

      Think of it as an intermediary between the User and the Password database, that can't be copied offline in a security breach.

      Normal password auth goes something like:
      Authenticated = (Hash(Password + Salt) == DB Hash value)

      With this unit, it'll be something like:
      Authenticated = (HardwareHMAC(Hash(Password + Salt)) == DB Value)
      or:
      Authenticated = CallTheDongle(Password, PasswordDBValue)

      So, without the hardware dongle, the information in the password database is vulnerable to being cracked offline. Even with salted hashes (They just make it take longer). With the Dongle, the attacker doesn't have the physical device, so the password database is safe, even if the rest of the data is compromised.

      Pretty cool idea, actually.

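The two verification formulas in the comment above, worked through as an added example (not code from the page, the Cambridge project, or the S-CRIB device). The `Scrambler` class is a hypothetical software stand-in for the dongle: it holds a key that never leaves the object and only answers HMAC requests. `offline_guess` is what a copy of the table alone allows: it succeeds against an ordinary salted hash of a weak password and fails against the scrambled record because the key is not in the table. The 16-byte salt and SHA-256 are assumptions.

```python
import hashlib
import hmac
import os


class Scrambler:
    """Stand-in for the hardware dongle (a hypothetical simulation): the key
    is held only inside this object and callers get back HMACs, never the key."""

    def __init__(self, key: bytes):
        self._key = key

    def scramble(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """The Hash(Password + Salt) step from the comment above."""
    return hashlib.sha256(salt + password.encode()).digest()


def store_plain(password: str):
    """Record layout for ordinary salted storage: (salt, hash)."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)


def store_scrambled(password: str, dongle: Scrambler):
    """Record layout with the dongle in the chain: (salt, HMAC_key(hash))."""
    salt = os.urandom(16)
    return salt, dongle.scramble(salted_hash(password, salt))


def verify_plain(password: str, record) -> bool:
    salt, digest = record
    return hmac.compare_digest(salted_hash(password, salt), digest)


def verify_scrambled(password: str, record, dongle: Scrambler) -> bool:
    salt, digest = record
    return hmac.compare_digest(dongle.scramble(salted_hash(password, salt)), digest)


def offline_guess(record, wordlist):
    """What someone holding only a copy of the table can do: recompute
    Hash(Password + Salt) for each candidate. No dongle is involved, so
    against a scrambled record every candidate fails to match."""
    salt, digest = record
    for candidate in wordlist:
        if hmac.compare_digest(salted_hash(candidate, salt), digest):
            return candidate
    return None
```

The design point is where the secret sits: the salt is public data beside the hash, whereas the HMAC key is only reachable through `scramble()`, so a verifier that does not hold the device cannot even test a guess.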

      • (Score: 2) by frojack on Tuesday March 11 2014, @11:12PM

        by frojack (1554) on Tuesday March 11 2014, @11:12PM (#14929) Journal

        It took a couple readings before it dawned on me that this is a server side device.

        Presumably they lose the Raspberry somewhere along the line and build everything into a single device. It would still be nice to have some way to prevent server seizure from also grabbing the dongle.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by ls671 on Tuesday March 11 2014, @11:25PM

          by ls671 (891) Subscriber Badge on Tuesday March 11 2014, @11:25PM (#14935) Homepage

          "It would still be nice to have some way to prevent server seizure from also grabbing the dongle."

          Well, connect the dongle to an extension and put the dongle in a safe with auto-destruct feature in case of break-in.

          More seriously, you could probably build a network layer for the dongle so it could be physically connected on a different computer. Then, we are getting close to the solution often implemented: Do not keep your authentication data in your application database, have authentication done by a third party server that does just that, hence making it easier to secure.

          --
          Everything I write is lies, including this sentence.
      • (Score: 2) by EvilJim on Tuesday March 11 2014, @11:55PM

        by EvilJim (2501) on Tuesday March 11 2014, @11:55PM (#14951) Journal

        Pretty cool idea, actually.

        Until someone walks out the door with your server and dongle.

  • (Score: 3) by GungnirSniper on Tuesday March 11 2014, @05:34PM

    by GungnirSniper (1671) on Tuesday March 11 2014, @05:34PM (#14719) Journal

    Does it also prevent DDoS attacks?

    • (Score: 2) by ls671 on Tuesday March 11 2014, @11:29PM

      by ls671 (891) Subscriber Badge on Tuesday March 11 2014, @11:29PM (#14938) Homepage

      "Does it also prevent DDoS attacks?"

      Of course, there is a feature where you can redirect all unwanted packets to the dongle and it will happily eat them.

      --
      Everything I write is lies, including this sentence.
  • (Score: 2) by tynin on Tuesday March 11 2014, @05:44PM

    by tynin (2013) on Tuesday March 11 2014, @05:44PM (#14731) Journal

    The site was offline for a little bit. I noticed that the DNS got updated yesterday. Is all well in the world of soylentnews or is there a storm brewing that is going to sink this ship? I'm kind of surprised we've had no update on the sale from yesterday. Come forth brave staffers, share with us! Please and thanks.

    • (Score: 2) by tynin on Tuesday March 11 2014, @05:47PM

      by tynin (2013) on Tuesday March 11 2014, @05:47PM (#14736) Journal

      Even the folks at pipedot.org noticed:
      http://pipedot.org/story/2014-03-11/soylentnewsorg-temporarily-offline [pipedot.org]

      • (Score: 2) by dotdotdot on Tuesday March 11 2014, @06:30PM

        by dotdotdot (858) on Tuesday March 11 2014, @06:30PM (#14756)

        I actually submitted that on pipedot. There is a lot of crossover in the user base.

    • (Score: 2) by Random2 on Tuesday March 11 2014, @06:22PM

      by Random2 (669) on Tuesday March 11 2014, @06:22PM (#14752)

      My speculation is that it's simply a hiccup from the actual transfer, that or maybe NCommander's computers lost power and they had to go into a backup mode.

      As for the sale, it's likely they haven't worked out the details yet and don't want to say anything until they've got a better understanding of what's going on. They also should be working intently on figuring out their business plan right now and that might be tied into the domain and its usage.

      --
      If only I registered 3 users earlier....
      • (Score: 3, Informative) by dotdotdot on Tuesday March 11 2014, @06:43PM

        by dotdotdot (858) on Tuesday March 11 2014, @06:43PM (#14761)

        from irc:

        [13:23] whoo
        [13:24] in the end it was because linode hosed our dns on migration

        [13:28] [cwix] did we loose soylent for a period of time there?

        [13:34] BendingUnit: We did and now it's fixed. Minor problem with migration.

  • (Score: 3, Informative) by FuckBeta on Tuesday March 11 2014, @05:46PM

    by FuckBeta (1504) on Tuesday March 11 2014, @05:46PM (#14735) Homepage

    Some implementations of HMAC are vulnerable to timing attacks.
    http://events.ccc.de/congress/2011/Fahrplan/events/4640.en.html [events.ccc.de]

    --
    Quit Slashdot...because Fuck Beta!
    • (Score: 5, Insightful) by Sir Garlon on Tuesday March 11 2014, @05:54PM

      by Sir Garlon (1264) on Tuesday March 11 2014, @05:54PM (#14741)

      Sure, but because deadbolts can be forced, does that mean I shouldn't have a deadbolt on my front door? The existence of a vulnerability doesn't imply a security measure is useless, only that it is not a silver bullet. (It also informs the cost/benefit decision whether to adopt it, so you are being helpful by pointing out the vulnerability.)

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  • (Score: 3, Insightful) by MrGuy on Tuesday March 11 2014, @07:07PM

    by MrGuy (1007) on Tuesday March 11 2014, @07:07PM (#14771)

    As I read the U of C blog, this is a purely server-side, not a client-side operation. Rather than store the passwords as (say) an SHA-1 hash, they're stored as an SHA-1 hash modified by the device. This means the passwords can't (in principle) be recovered from the stored hashes alone, even if they're weak (or in a rainbow table) because you'd need the hardware device to unscramble them. I don't see any requirement for the end users to need the same dongle to pass the passwords over (or is that there and I'm missing it?)

    Someone help me understand why this is revolutionary over salted password hashes, which are similarly obscured and hard to reverse engineer (due to the salt being site-specific). Is it just that the salt is now stored in memory on a piece of hardware, and so can't be taken (when in principle a hacker COULD steal the salt value when stealing the password file)?

    Also, help me understand how this helps with those "common" passwords. On a reasonably secure system, the problem with a password like "123456" isn't that someone can recover the plaintext from the password file. The password will be hashed, and we're ALREADY in a place where you can't tell a single-letter password from a strong one from looking at the hash. The problem we have is common/short passwords can be pre-computed, so they're easy to crack (if we're NOT salting our hashes, which we really should be). If you're storing your passwords in plaintext, you're already miles away from help at this point.

    Also, the problem with a weak password isn't that it can't be safely hashed - it's that it's GUESSABLE. I don't NEED to steal/crack your password file if I can (as an attacker) guess a significant number of your users' passwords in the first few thousand guesses. I'll just attack your live system. Strong passwords aren't recommended because they look good in a hash. It's because stealing the hash isn't the only attack vector to worry about.

    Oh, also, where are your password reset features with this security? You have my e-mail address in plaintext? Great - "forgot my password" features may give me the keys to your account with just that. If we're feeling saucy, we might have "security questions" which are often ALSO plain text.
    • (Score: 2, Interesting) by MrGuy on Tuesday March 11 2014, @07:09PM

      by MrGuy (1007) on Tuesday March 11 2014, @07:09PM (#14772)

      Sorry - could have sworn I selected "Plain Old Text," which would have kept my paragraphs from running together like that, but apparently not. Apologies for the "wall o' text"

      • (Score: 2) by ls671 on Tuesday March 11 2014, @11:43PM

        by ls671 (891) Subscriber Badge on Tuesday March 11 2014, @11:43PM (#14945) Homepage

        I have seen a handy "Preview" button somewhere ;-)

        --
        Everything I write is lies, including this sentence.
    • (Score: 3, Informative) by jdccdevel on Tuesday March 11 2014, @07:28PM

      by jdccdevel (1329) on Tuesday March 11 2014, @07:28PM (#14793) Journal

      With salted hashes, the salt is stored in the database too. If you look in the password table, you'll see a string that usually looks something like "$$" (The exact format depends on the hash function, etc)

      The salt isn't usually site specific, it's specific to that particular users password. (That's to prevent being able to tell if 2 users have the same password as each-other from the password hash.)

      The salt is recovered and used to hash the user-supplied password for comparison. This means that passwords can still be calculated offline if you have a copy of the db. (Especially quickly and easily for common ones like "123456").

      With this system, a piece of the "hashing chain" is stored in the dongle. You'd still need a unique salt (to prevent duplicate hashes for the same password), but this system means that the password hash would be useless to anyone who got a copy of it. Without the dongle the hashes are random garbage.

      With this in place, a website would be able to detect that you're trying to brute-force a password. Without it, you brute-force offline against a copy of the DB, and log in directly once you know the password.

      • (Score: 2, Informative) by jdccdevel on Tuesday March 11 2014, @07:31PM

        by jdccdevel (1329) on Tuesday March 11 2014, @07:31PM (#14795) Journal

        Sorry, slashcode ate my hash example. An example would be something like this (not a real hash):

        $ABCDEFGH$abcdefghijklmnop

        The "ABCDEFGH" part at the beginning is the Salt, the rest is the hash itself.
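The `$salt$hash` record layout from the two comments above, built and parsed as an added example (not code from the page or any real password library). Hex-encoded 8-byte salts and SHA-256 are assumptions; real crypt-style formats also carry an algorithm identifier and a cost parameter. `same_password_detectable` checks the property the earlier comment describes: with a fresh per-user salt, two users with the same password get different hashes, and equal hashes only appear when a salt is reused.

```python
import hashlib
import hmac
import os


def make_record(password: str, salt: bytes = None) -> str:
    """Build a "$salt$hash" string with a fresh per-user salt (an explicit
    salt is accepted only so the reuse case can be demonstrated)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return f"${salt.hex()}${digest}"


def parse_record(record: str):
    """Split a "$salt$hash" string back into (salt bytes, hex digest)."""
    empty, salt_hex, digest = record.split("$")
    if empty != "":
        raise ValueError("record must start with '$'")
    return bytes.fromhex(salt_hex), digest


def verify(password: str, record: str) -> bool:
    """Recover the salt from the record, re-hash the candidate, compare."""
    salt, digest = parse_record(record)
    candidate = hashlib.sha256(salt + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)


def same_password_detectable(record_a: str, record_b: str) -> bool:
    """True only if the two hash fields are identical, which with per-user
    salts happens only when the salt was reused."""
    return parse_record(record_a)[1] == parse_record(record_b)[1]
```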

    • (Score: 4, Interesting) by bogibear on Tuesday March 11 2014, @07:50PM

      by bogibear (475) on Tuesday March 11 2014, @07:50PM (#14809)

      I agree with MrGuy and the wall of text.

      I have to add that on any given day, I might use 4 or 5 devices: Work laptop, home laptop, home desktop, Android phone, Android tablet.

      One can always reference the excellent xkcd post - http://xkcd.com/936/ [xkcd.com]

      Alas, even the best passwords will eventually be crackable - you just need the right hardware. Consider the GPU clusters that are being used for BC mining - turn them to password cracking and we have the same problem.

      Unfortunately, I don't have a good way of solving the password problem. I just try to keep the really sensitive stuff offline and avoid using the same password for everything.

      --
      The world's cumulative IQ is a constant. The population is growing.
    • (Score: 2) by stormwyrm on Tuesday March 11 2014, @10:00PM

      by stormwyrm (717) on Tuesday March 11 2014, @10:00PM (#14897) Journal

      The way I understand it is you need the hardware dongle to be able to verify the password. Without it, the password database is useless.

      I don't NEED to steal/crack your password file if I can (as an attacker) guess a significant number of your users' passwords in the first few thousand guesses. I'll just attack your live system.

      And what kind of fool site admin would permit any joker on the Internet a few thousand guesses against a single account without taking any measures to stop the attacker? Most login prompts I've seen will lock the account and notify the owner and the admin of suspicious behaviour after a handful of consecutive failures.

      --
      Numquam ponenda est pluralitas sine necessitate.
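The lockout behaviour described in the comment above, written out as an added example (not code from the page or any real login system). Thresholds and the lockout window are assumed values, and the clock is injectable so the behaviour can be checked without waiting. The guard takes the password check as a callable so that a locked account is refused before the password is evaluated at all, and it records a notification for the owner and the admin at the moment the lock triggers.

```python
import time
from collections import defaultdict


class LoginGuard:
    """Lock an account after a handful of consecutive failures. Values for
    max_failures and lockout_seconds are assumptions for this example."""

    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.failures = defaultdict(int)   # consecutive failures per user
        self.locked_until = {}             # user -> time the lock expires
        self.notifications = []            # (user, time) events to report

    def attempt(self, user: str, check) -> str:
        """check() returns True if the supplied password is correct.
        Returns "ok", "denied" or "locked"."""
        now = self.clock()
        if self.locked_until.get(user, 0) > now:
            return "locked"        # refuse before evaluating the password
        if check():
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures[user] = 0
            self.notifications.append((user, now))
            return "locked"
        return "denied"
```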
  • (Score: 2) by Blackmoore on Tuesday March 11 2014, @08:49PM

    by Blackmoore (57) on Tuesday March 11 2014, @08:49PM (#14843) Journal

    I too have a "new device" that will stop password theft dead. I call it a noose. Apply to user's neck and after a while the user will no longer fall to attacks on them to reveal the password.

    • (Score: 1, Interesting) by bogibear on Tuesday March 11 2014, @09:09PM

      by bogibear (475) on Tuesday March 11 2014, @09:09PM (#14864)

      Unfortunately, they will reveal the password in the hopes that you will release them from said noose. If people are too stupid to use good passwords, perhaps you should either (a) refrain from using the Internet or (b) just post your credit card number online and let the cards fall where they may.

      Frankly, I don't keep important information online. I'm not sure how much damage you could cause by having my FB password, email passwords, and my fuck beta password, etc. About the only sensitive sites I use is my bank website and paypal.

      --
      The world's cumulative IQ is a constant. The population is growing.
  • (Score: 0) by Anonymous Coward on Tuesday March 11 2014, @11:06PM

    by Anonymous Coward on Tuesday March 11 2014, @11:06PM (#14926)

    You can install a firefox plugin called Password Hasher. It allows you to pick one password and it will hash it differently to each server. While it's not perfect it's better than giving the same password to each server unhashed. Each browser should automatically implement something like this and there should be a standard hash function for how the passwords are hashed so that all browsers can hash them the same.

    One obvious idea (which is sorta what's in the OP) I thought of a long time ago is to simply have a device with a public/private key pair where even the user has no access to the private key generated. I can plug my device into the computer (via USB) and the web server, knowing the public key, can use the public key to confirm the authenticity of the device by sending it a string of text to sign with the private key. The computer that the device is plugged into also has no access to the private key. In this sense even if the computer that I'm using is compromised with a virus/some spyware or is being monitored no one can steal my credentials and use them for future activities (since even that computer has no access to the private key, confirmation is done on the device itself).

    Another obvious idea (I think it might be done in some countries) is to have a text message automatically sent to you when you make a credit card purchase. That text message can contain an authentication number that you can give to the seller proving that you made the purchase. Your phone, of course, should require a login password and perhaps even a password can be requested from the credit card company (via text message) before the authentication code is sent to your phone in case your phone is stolen.

    • (Score: 2) by ls671 on Tuesday March 11 2014, @11:53PM

      by ls671 (891) Subscriber Badge on Tuesday March 11 2014, @11:53PM (#14948) Homepage

      "You can install a firefox plugin called Password Hasher. It allows you to pick one password and it will hash it differently to each server."

      Just make sure you backup your "Password Hasher" database somewhere.

      How do you log in from a different computer? Now we would also need to sync that database...

      --
      Everything I write is lies, including this sentence.
      • (Score: 0) by Anonymous Coward on Wednesday March 12 2014, @12:28AM

        by Anonymous Coward on Wednesday March 12 2014, @12:28AM (#14956)

        There is no database and you don't need to sync anything. Nothing is stored on your computer to keep track of how passwords from different sites are hashed. Do your homework before making criticisms based on guesses.

        • (Score: 2) by tangomargarine on Wednesday March 12 2014, @02:43PM

          by tangomargarine (667) on Wednesday March 12 2014, @02:43PM (#15290)

          The downside is that it sounds like the hasher must be deterministic to work between browsers without state...so if an attacker guesses your "base" password, ALL of your passwords are immediately compromised. And having no local "master password" that modifies the generation means that it's just reduced to a single brute force attack.

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 0) by Anonymous Coward on Thursday March 13 2014, @05:59PM

            by Anonymous Coward on Thursday March 13 2014, @05:59PM (#16010)

            Which is partially why I said

            "While it's not perfect it's better than giving the same password to each server unhashed."

            But if you have a decent password (assuming the hash function used is a decent one) then this amounts to the requirement of a cryptographic attack. Which is very difficult and still a thousand times better than sending the password unhashed.

            Your brute force attack argument can be applied to all of cryptography but that doesn't negate the usefulness of cryptography. If the possibility of a brute force attack is enough to make cryptography insecure then perhaps we should do away with cryptography altogether. Why have hashsums? Why have passwords? After all brute force attacks could potentially break them.
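The stateless per-site derivation discussed in this subthread (the Anonymous Coward's Password Hasher post and tangomargarine's objection to it), as an added example that is not the extension's code and does not reproduce its real parameters. The domain acts as the salt and the master password is the only secret, so the same inputs give the same site password on any machine with nothing to sync. That is also the weakness tangomargarine names: there is no per-device key, so the master password's strength and the derivation's cost are the only protections. The example therefore uses PBKDF2 with an assumed iteration count rather than a single hash, which is the standard mitigation for a keyless, deterministic scheme.

```python
import base64
import hashlib

# Assumed work factor; the extension's real settings are not on the page.
ITERATIONS = 100_000


def site_password(master: str, domain: str, length: int = 16) -> str:
    """Derive a per-site password from master password + site domain.
    Deterministic: nothing is stored, so nothing needs syncing. The cost of
    PBKDF2 is what slows down guessing the master from one leaked result."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(),
                              ITERATIONS, dklen=24)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def all_distinct(master: str, domains) -> bool:
    """A leaked password for one site must not equal any other site's."""
    derived = [site_password(master, d) for d in domains]
    return len(set(derived)) == len(derived)
```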

  • (Score: 1) by useless on Wednesday March 12 2014, @01:27AM

    by useless (426) on Wednesday March 12 2014, @01:27AM (#14972)

    Shh, nobody tell Adria Richards or we're all in trouble!

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 12 2014, @01:47AM

    by Anonymous Coward on Wednesday March 12 2014, @01:47AM (#14978)

    If it can be done with a pi, then why not go the next step and implement this fully in software on a generic computer over a network? You then get the benefits of being able to run the database/server software etc. on multiple machines at once (clusters anyone?), and derisks the problem of a dongle failure, loss or similar (also with not being hardware based anymore, make a backup, or snapshot/clone the VM if you've virtualised the "dongle" etc.).

    Just run the HMAC code or whatever as a service somewhere, and instead of the server machines asking the local dongle, it can talk to this service over regular IP. Use SSL, firewalls, private/dedicated LANs and other techniques to tie down comms to only what is meant to use the service and so the traffic can't be intercepted and read easily. Running the service on a different machine to the database servers gives you the same benefits of the dongle in that the server being comprised and database copied to an offline location does not reveal how the service is scrambling the data.
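The "HMAC as a service" layout proposed here (and earlier by ls671 as a network layer for the dongle), as an added example rather than code from the page or the S-CRIB project. The service process holds the key and exposes one endpoint that returns `HMAC_key(data)`; the application server sends the salted hash over HTTP and stores only the returned tag, so a copy of its database reveals nothing about the key. To stay runnable offline the service is started in a thread on a loopback port; the TLS, firewalling and dedicated-LAN measures the comment calls for sit outside this example. The JSON request and response shapes are assumptions.

```python
import hashlib
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import request


def make_handler(key: bytes):
    """Handler bound to a key; the key is a closure variable and is never
    written to any response."""

    class ScrambleHandler(BaseHTTPRequestHandler):
        def do_POST(self):
            if self.path != "/scramble":
                self.send_error(404)
                return
            length = int(self.headers.get("Content-Length", 0))
            try:
                data = bytes.fromhex(json.loads(self.rfile.read(length))["data"])
            except (KeyError, ValueError, TypeError):
                self.send_error(400)
                return
            out = json.dumps({"tag": hmac.new(key, data, hashlib.sha256).hexdigest()}).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(out)))
            self.end_headers()
            self.wfile.write(out)

        def log_message(self, *args):
            pass  # keep the demo quiet

    return ScrambleHandler


class ScrambleService:
    """Runs the key-holding service on a random loopback port in a thread."""

    def __init__(self, key: bytes):
        self.server = HTTPServer(("127.0.0.1", 0), make_handler(key))
        self.port = self.server.server_address[1]
        self.thread = threading.Thread(target=self.server.serve_forever, daemon=True)

    def __enter__(self):
        self.thread.start()
        return self

    def __exit__(self, *exc):
        self.server.shutdown()
        self.server.server_close()


def scramble_remote(port: int, data: bytes) -> bytes:
    """Application side: ask the service for HMAC_key(data). No key here."""
    body = json.dumps({"data": data.hex()}).encode()
    req = request.Request(f"http://127.0.0.1:{port}/scramble", data=body,
                          headers={"Content-Type": "application/json"}, method="POST")
    with request.urlopen(req, timeout=5) as resp:
        return bytes.fromhex(json.load(resp)["tag"])


def demo(password: str, salt: bytes, service_key: bytes):
    """Store a scrambled record, then verify the same password against it.
    The key is passed in only to start the service; in a deployment it would
    live on the service host alone. Returns (stored tag, verification result)."""
    inner = hashlib.sha256(salt + password.encode()).digest()
    with ScrambleService(service_key) as svc:
        stored = scramble_remote(svc.port, inner)
        check = scramble_remote(svc.port, inner)
    return stored, hmac.compare_digest(stored, check)
```

Since the service is a separate process in practice, it can be replicated or snapshotted like any other host, which is the availability argument the comment makes; the trade-off is that the key now lives in the memory and backups of that host rather than in a tamper-resistant device.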