Can we get rid of passwords already and use public key authentication?
jonas’
I’d be all in, if we hide it from the users :)
kikuchiyo
Wouldn't that require client devs to integrate authentication agents and users to remember longer passphrases?
jonas’
kikuchiyo, no, why? tie the private key to the device.
jonas’
passphrase optional.
jonas’
on mobile OSes, that would be reasonably secure, since apps can’t read each other’s storage
jonas’
(or you can even put it in the OSes secret vault)
jonas’
breaks down on standard desktop OSes of course, but who uses those anyways.
kikuchiyo
Ok, what does this mean for multiple or lost devices?
jonas’
different private key for each device, obviously
jonas’
because of that, you can revoke access for lost devices easily
jonas’
if you lost all devices, you’ll need an out-of-band recovery mechanism, just as if you lost your password
tom
I strongly disagree
tom
You have strong crypto auth
tom
And then you add a backdoor
tom
It's up to the user not to have a backup key hidden somewhere
jonas’
of course
jonas’
because users are good at that!
tom
And in the worst case they don't, they could go to their hosting provider showing physical ID and having someone who knew them add in a new key
jonas’
which is *exactly* the kind of out-of-band recovery mechanism I’m talking about?
jonas’
what’s your problem then?
tom
I thought you meant automated
tom
» just as if you lost your password
jonas’
of course automated for any non-terrible-UX service
tom
Strongly disagree
jonas’
for terrible-UX-but-high-security services you’d not do that automated obviously.
tom
I'm really tired of having to use software design for morons
jonas’
sorry to hear
tom
I know what it means to use unbreakable crypto when i turn it on
tom
A lot of companies like to assume their users are stupid and add all kinds of backdoors into the crypto
tom
Calling them recovery
tom
So like you have 2fa, but you can guess someone's pet name or look up their mother's name
tom
And bypass the security
tom
I can auth to IRC servers with a client certificate
tom
Shouldn't that be possible with XMPP as well?
tom
Instead of having to remember passwords
tom
Keeping a bunch of passwords in a database
tom
Take wireguard for an example of doing authentication right and making it simple
tom
https://www.wireguard.com/
jonas’
wireguard is too simple for some use-cases though
jonas’
anything road-warrior-corporate-type for example.
tom
I use it on my laptop
tom
It's perfectly adequate
kikuchiyo
> different private key for each device, obviously
New devices would need to be cross signed from an already known device, yes?
pep.
> jonas’> because of that, you can revoke access for lost devices easily
Because of that, you can race to revoke access for lost devices easily. FTFY
jonas’
?
pep.
Since the lost device would probably have the same authz
jonas’
kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link
jonas’
pep., removing devices could require a second factor
pep.
And you probably just lost it :/
Martin
Andotp on the lost mobile 😁
pep.
Revocation is annoying
kikuchiyo
> kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link
One-time authentication leads to a race of one-time revocation. How about not revoking a device, but revoking the compromised identity?
pep.
You don't get rid of the race do you
kikuchiyo
pep.: Since there is no continuity, you would need to reestablish trust for a new one.
pep.
That also means at any time, somebody (with the right authz, e.g., stolen device) can revoke your perfectly valid identities
pep.
(and 2FA on the stolen mobile device, because that's how things work nowadays :p)
kikuchiyo
Which comes down to meeting in real life or using 2fa.
pep.
meeting in real life with whom?
pep.
The server operator?
pep.
(I haven't read the past few days of logs)
kikuchiyo
Those to whom you want to communicate with.
pep.
Assuming you can also still login first
pep.
Password is unchanged, etc.
kikuchiyo
> Assuming you can also still login first
No, assuming that the other party knows you in person and can verify that in real life.
The underlying philosophical problem is: _What is identity_
One answer to that could be: A common history.
pep.
I meant, you might not have access to your account anymore
pep.
In this case surely you can create a new account/identity and get this one acked
pep.
Unless you manage to convince the operator that it's your account
kikuchiyo
pep.: Yes, a compromised account is a compromised virtual identity. So there is nothing left but to refer to a second identity, e.g. the real life identity, to establish new trust.
kikuchiyo
You just need to make sure that the old identity gets revoked completely.
pep.
And I'm saying that's the hard part. First if you don't control the account anymore, either you need to regain control of it through the operator, or you need to go through all your contacts and revoke it out-of-band (by meeting IRL)
pep.
You don't "just" revoke an identity
Maranda
🤦🏼♂️
pep.
What is it Maranda, your hand smells nice? :P
Maranda
They smell of disinfectant like everyone's, if they're good children that is pep.
kikuchiyo
pep.: I know this is not the usual way of thinking about revocation.
> you need to go through all your contacts and revoke it out-of-band (by meeting IRL)
Or by enabling whomever has gained control over the old identity (including yourself) to destroy it and all of the attached keys, but not to initiate a new one without meeting IRL or 2fa.
pep.
Yes and that person in control of your old identity might have no interest in destroying it :p
pep.
(or it might be exactly their goal: DoS)
kikuchiyo
pep.: One person in control has to be able to hit the kill switch for the identity - that would be you. If the attacker does that he loses control.
This is like a remote mechanism to dye stolen money.