|
Posted by: stak
Posted on: 2006-10-19 23:40:28
it seems pretty obvious to me that the whole password model of authenticating people is broken. first there were just usernames, which also served as passwords. then there were usernames AND passwords. then they added security questions to which you had to give the right answer. now some sites even have user-provided security questions, so you have to give your question and your answer. all they're doing is increasing the number of things the user has to provide, which is effectively the same as bumping up the minimum password length. (i.e. if you concatenated your username, password, security question, and security answer, that would be your new password). it's stupid. passwords can be broken by any number of techniques, from a simple brute-force search to dumpster diving to social engineering. i could go on for a while describing how the password model is broken, but you probably already know that.
next up is two-factor authentication. you need to provide something you have and something you know. usually this involves a password, combined with some sort of biometric dealie, whether it's a fingerprint, retinal scan, voiceprint, or even keystroke pattern recognition. this is better, but it really shouldn't be called two-factor authentication because the password half of it is still broken. it's basically just a biometric authentication. this is (as of now) stronger, and the people selling these solutions would have you believe that they are nigh-unbreakable. don't believe everything you hear. eventually this will be broken too. it's possible for attackers to get your fingerprint from anything you touch, or get your voiceprint from a recording. retinal scan might be harder, but hey, they did it entrapment, so it can't be that hard. eventually anything that just captures some physical characteristic will also be as broken as passwords are today. even RFID implants suffer from the same problem as biometric: the response from an RFID tag can be recorded and replayed (assuming my understanding of how they work is correct - I could be wrong on this one).
one thing all of the above methods have in common is that they're not dynamic or interactive. each of these basically prompts you exactly once for something (either a password, fingerprint, ...) and if you provide it successfully, you're good to go. this means that any sort of man-in-the-middle attack (which is effectively what's happening when you steal someone's fingerprint) can break it. what we need is an authentication method that changes every time it's used. something that's interactive, something that requires a "conversation" between the authenticator and authenticatee rather than just a one-time exchange, has the ability to be dynamic in such a way. the first step in the conversation could be the same (providing a username or some pointer to the identity you wish to authenticate against), but the rest of the conversation should change.
i don't have any specific ideas on how to actually make the conversation change such that the authenticatee can provide the correct responses to the authenticator without having any previously-agreed upon passwords/keys, but there must be some way to do it. ideas?
|
|
(c) Kartikaya Gupta, 2004-2024. User comments owned by their respective posters. All rights reserved.
You are accessing this website via IPv4. Consider upgrading to IPv6!
|