• Seattle Post-Intelligencer - Most play poorly at the password game
  One Boulder resident recalls that both he and his wife used unusual vegetables combined with personally significant numbers to make a satisfying computer entree.

• Web Information Security - Strong Password Security Practices
  It is not hard to create strong passwords and keep them well protected.

• Emergent Chaos - Gifts for the Cryptological Mind
  Could japanese puzzle boxes and cryptex vaults be seen as a viable alternative to passwords? Probably not, but they are fun!

• SecuriTeam Blogs - How Not to Protect Your Customers from Phishing
  Are we teaching users now that the SSL certificate and the domain name shouldn’t really match?

• Video by Darren Barefoot on Metacafe- User Name And Password
  Just an average day on the Internet, circa 2006.

• SecuriTeam Blogs - High load reveals passwords
  Every time web sites get heavy-loaded sometime spit out information such as your password.

• The Security Mentor - Passwords: longer, or more complicated?
  Adding two letters to the length generally does as much or more good than making the password look like comic book profanity.

• IT Guy Blogs - It’s time for password ** to die.
  Oh my goodness am I tired of asterisk-masked password fields. Please…give me the option to click a checkbox to be able to see the characters I’m typing.

• PassPack - Secure online password manager
  Clipperz is not alone, someone else is moving along the same lines …

• Bruce Schneier on Wired News - MySpace Passwords Aren’t So Dumb
  How good are the passwords people are choosing to protect their computers and online accounts?

Boz is a private bookmarking service by Alex Bosworth. It is a very interesting propject that allows users to post bookmarks that even the server doesn’t know about. Boz was originally written to replace priv.at, a del.icio.us hack blocked by Yahoo. Boz is free and the underlying Javascript code is released under the GPL.

How it works is that just before you post a bookmark, your browser encrypts the data and sends the bookmark information encrypted with your private key to the server. To browse your bookmarks, the server sends them back encrypted and your browser then decrypts them.

Benjamin Ferrari points out that the service lacks a lot of features when compared to other bookmark services, especially search capabilities. Maybe our short bibliography for searching on remote encrypted data could come in handy.

Now that I’ve started playing around with encryption, I am starting to think it’s a good idea for a lot more applications.

It is good to know that others think that browser crypto is a viable solution! Clipperz is moving along the same lines to build a secure digital vault and password manager.

Alex laments the “paucity of quality open source web browser encryption and decryption libraries”. He’s definitely right and we understand how complex is getting the crypto primitives right. This is why at Clipperz we developed our own Javascript crypto library from scratch. It will be released under a BSD license and the code will be available here.

• BBC - UN warns on password explosion
  Re-using passwords puts people at serious risk of falling victim to identity theft, said the ITU report.

• Lifehacker - Poll: Do you use the same password for different accounts?
  Check the results of this readers poll.

• Tech Humor - Security in heaven
  Even heaven cares about it’s security. Do you?

• ARC Thoughts - Death of password
  The beauty of WCS (Windows CardSpace) is the use of standards.

• The 5th Wave - Strip of December 3rd, 2006
  Rich Tennant finds humor in the often frustrating human interaction with personal computers. [Update: cartoon no longer available]

• Wired Blogs - Monkey Bites - Sxip Releases ID Manager for Firefox
  Sxipper encrypts and stores all of your login, password and identity information locally.

The title of a recent Lifehacker post was very intriguing: “Keep your password safe at public computers”. The content sounded even more promising since it was about an academic paper from Carnegie Mellon University with the hearthening title: “How to login from an Internet cafe without worrying about keyloggers”.

I readily downloaded the PDF files and dived into reading it. What a disappointment! The proposed solution to defeat keyloggers was impractical and flawed in many aspects. I was amazed that a prestigious institution like Carnegie Mellon could produce such an amateurish study!

Then I took a closer look at the paper and discovered that Carnegie Mellon was not involved at all: the authors (Cormac Herley and Dinei Florencio) are from Microsoft Research and I did not found any connection with the University except that this paper was presented at SOUPS 2006, the Symposium On Usable Privacy and Security held at CMU last July (!).

The fact that CMU was not directly involved was reassuring. The fact that Microsoft is saying “use this method and you are safe from keyloggers and spywares” is quite scaring. Why write a professional looking document and present it to a conference? Wouldn’t be better to just write a short blog post and openly discuss this weak and quite old idea?

However the paper was widely linked and it has been dugg more than 1400 times, but the wrong attribution to Carnegie Mellon was never pointed out.

For those interested: the two authors delved into this idea even deeper and produced another paper about a system called KLASSP (KeyLogger Avoidance using a Shared Secret Proxy), the name says it all …

Image from Antispam.br

Prof. Eugene Spafford in his latest post talks about MyBlackBook, an unusual web service whose mission is “to provide people with a place to store their sexual history, partners, and experiences in a safe, secure and confidential place”. This New York based venture moved from the assumption that “one out of three people have some kind of sex log” mostly kept on paper. A solution that is hard to maintain and troublesome to protect from prying eyes.

MyBlackBook is not a dating site, it does not have any “social” feature, it’s a very personal service. I think this is quite remarkable since in today online environment all intimate and confidential aspects of human existence are neglected. The focus is mostly on sharing and connecting while our innermost and private processes don’t get any support from web technologies.

However in his post Prof. Spafford makes some sound criticism of MyBlackBook.

My first thought is “Wow! What a way to datamine information on potential hot dates!” That quickly led to the realization that this is an incredible tool for collecting blackmail information. Even if the people operating it are legit (and I have no reason to doubt that they are anything but honest), this site will be a prime target for criminals.

Prof. Spafford is basically right, but only because the guys at MyBlackBook did everything they could to undermine the security of the sensitive information they are entrusted with. Here is a partial list of their “oversights”.

• To sign up, MyBlackBook require a valid email address that is used to send a confirmation email where the username and password are fully displayed in clear! I think that a service of this sort should be as anonymous as it could and shouldn’t require any unnecessary personal information, especially email addresses.

• Users data, or in MyBlackBook jargon their “entries” and “sessions”, are SSL encrypted during transmission, but no further information is provided about how they are stored on MyBlackBook’s servers. One could reasonably suspect they are “in clear”.

Then they say “All passwords are stored in our database as a non-reversible MD5 hash, which means if you forget your password we cannot retrieve it, and you would need to create a new password using our ‘Change Password’ form.”

• First of all, plain-vanilla hashing is not enough to protect passwords, salting and stretching would be also advisable.
• Second MD5 is very badly flawed and shouldn’t be used at all.
• A good thing is that they avoided the curse of the secret question, but if a user forget his/her password, and still remember the username, he/she can simply fill the form and a new password will be emailed in clear to him/her.
• To date if you try to delete your MyBlackBook account an error message is generated. Furthermore I did not find any further information about account deletion, nor it is mentioned in their Terms of Service document. Not nice …

MyBlackBook is a very smart and fun project, but with lots of open issues on the security front. I hope John Ianuale, president of Resorb Networks and lead developer of MyBlackBook, could fix them, but I’m afraid it will require a complete redesign of the underlying software architecture. I would be more than happy to discuss with John the approach used by Clipperz online password manager to the creation of really secure digital vaults where users can get the service without trusting the service provider. Maybe we could even try to change prof. Spafford opinion and lower his distrust toward online storage services.

My bottom line: don’t store things remotely online, even in “secure” storage, unless you wouldn’t mind that they get published in a blog somewhere — or worse. Of course, storing online locally with poor security is not really that much better…

PS MyBlackBook was launched more than one year ago, but surprisingly the blogosphere paid little attention …

AJAX applications will remain unworthy of serious business (at least for risk-conscious people).

This is quite a bold statement, especially considering the source: The Center for Education and Research in Information Assurance and Security (CERIAS), a prestigious academic institution. The author is Pascal Meunier whose current hobby is fighting all client-side scripting technologies, especially AJAX.

CERIAS has certainly some excellent thinkers when it comes to security, but in this case we respectfully disagree. Yes, there are security problems with browsers and web applications, but there are security problems with regular client software too. This fact has never prevented anybody (especially the risk-conscious people) from evaluating all the solutions available and selecting the ones with a better security architecture.

In his blog post, professor Meunier says there is problem with “same origin policy” and shared servers and he proves it by adding some nasty links from his Purdue homepage to the homepage of another collegue. True, but I cannot see how this could affect the happy users of so many well-designed web 2.0 applications. Then he signals that browsers can be made unusable by visiting pages with malicious Javascript. But this is old story: do you remember the funny sites with never ending loops of dialog boxes? Then he moves to analyze other vulnerabilities, but again I could see very weak relations with the present web 2.0 environment.

I can’t tell if these “Ajax horror stories” are episodic or endemic, but I believe that serious Ajax developers won’t cause any more harm than those working with a different software paradigm.

Gmail, the poster child of Ajax applications, is perfect for serious businesses. Combine it with Freenigma and you realize the security dream of any sysadmin: a robust mail service accessible from the Internet, with a very good spam filter, strong encryption and generous mailboxes. And please note that without the revolutionary Ajax interface there would be no chance to win user acceptance and the dream would vanish!

(Very good products like IMP and SquirrelMail never took off because corporate employees were reluctant to abandon the sleek and fast interface of traditional mail clients such as Outlook.)

Matt Mower, working at PAOGA, is raising a very interesting point about the boundaries beyond which APIs are no longer a bless.

Where API’s make clear sense to me is stateless lookup services. Google Maps for example, I can totally see why I want the ability to get maps for locations and directions between them. No problem there. But where API’s make less sense to me is when things get personal.

For example I don’t want Amazon to give me an API to lookup information about my book purchasing history with them. Or the Four Seasons to give me an API to update my room preferences. Or anything which is really about me.

Generally APIs are considered the distinctive mark of Web2.0 applications, but I agree with Matt that this is not always the case. When it comes to handling personal data, Matt prefers to talk of dataslots.

Named, opaque, stores where an organisation can put a sanitized version of the information belonging to me and keep it up to date.

This definition really fit with the online password manager that Giulio Cesare and me are slowly implementing: a secure digital vault for confidential data. That is to say a special kind of dataslot where the organization storing and managing it (Clipperz Srl) does not have a clue about the content of the dataslot and its owner!

During the last two days I had a chance to test drive Freenigma, the recently released email encryption service for webmail users.

What I like more of Freenigma is its “Johnny can encrypt” approach. For the average Johnny cryptography is insanely complex, while Freenigma makes a point of hiding this complexity under a very simple user interface.

Using the service you are barely aware that you now own a pair of public and private keys, or that you are exchanging encrypted session keys with the recipients of your messages, and so on.

Everything looks smooth and simple from the installation of the Firefox extension to the activation of the service. If you can handle the list of your friends in a IM client or managing your contacts in a social network then you can encrypt your email messages with Freenigma.

Freenigma still has some limitations (mainly related to attachments and browser support), but I’m sure I’m going to be a regular user of this simple, powerful (and free) service.

Yesterday Stefan Richter from Freiheit - Freenigma is a joint venture of Freiheit and g10code - was so kind to answer few questions about the service and the technology behind it. Here is a transcript of the interview.

Firefox 2.0 Beta is out since few weeks and it’s already quite popular. However Freenigma is only supporting Firefox 1.5. What are your plans with regard to Firefox 2.0 and Safari?

SR: We will test our extension this week in Firefox 2.0. So our aim is to support the new version asap. And we think about versions for Safari and Internet Explorer.

But you can use Freenigma not only for Web-Mailers: Werner Koch, the developer and maintainer of GnuPG, wrote a C reference implementation for a Freenigma client. This will soon be released as a command-line tool and a C library. We already have Perl bindings and with the C library available it will be easy to provide Python, Perl and whatever-you-like-language bindings.

This means you can encrypt files on your disk with the same freenigma account that you use for your Web-Mail. With a shell script! :-)

Or you can use it with your favorite mail client, like Mutt, Kmail or Evolution. (We already have a Kmail plugin for Freenigma).

You see, we really want to “Encrypt the planet”. ;-)

Your “Terms of Use” document contains a stunning bit of information: strong encryption is illegal in France! Is that really true or just a cautious statement?

SR: Yes, it is true. France does not allow strong encryption for their citizens. It is really difficult to find out which countries around the world are prohibiting cryptography.

Subjects of email messages are not encrypted by Freenigma. Wouldn’t be more secure to encrypt them as well?

SR: Hmm. This makes it really difficult to read the subject lines in your inbox. The subject line would get quite big because it would be a complete PGP message block. But maybe we could pack it with the mail body and extract it in the decryption process?! Hmm, then it would not be very compatible with GUI mail clients anymore.

I think you should not put confidential infos in the subject line… :-)

How is the random session key generated? Which algorithms and entropy sources are used?

SR: It is generated on the server side by GnuPG. So we use the same code and the same algorithms and entropy sources as any other GnuPG-based encryption.

Which size is the AES key? Which block cipher mode is implemented?

SR: 128-bit and we use CFB.

Which size are the asymmetric RSA keys?

SR: 1024-bit.

Could you provide some information about Freenigma infrastructure? Especially from a security and availability point of view.

SR: Security is our main focus, of course. But even if people would be able to steal the servers, they could not access the keyrings, because we don’t store the passwords (mantra). The mantra is only stored in the keyring of every user.

So here we traded convenience against security: When you lose your password, you will never be able to read your old encrypted mails again. Even we can’t help you. But this was important for the overall security. This also means, that nobody else can.

And we don’t log the passwords. We hand them directly over to GnuPG and after the crypto operation they disappear. We (and others) are physically unable to access the keyring.

We know how to build software that runs 24/7, because my company built some very large e-commerce systems in the german speaking market and in Scandinavia. Our customers include the number 2 and 3 Internet-Bookstores, the direct competitors of Amazon.de, so we have experience with robustness and reliability in “uncooperative environments” ;-) .

And now few hints for Gmail users.

• If your account is configured with a custom “From” address, Freenigma won’t work unless you add this address to the list of email addresses in your Freenigma account.

• Freenigma works great even with the hosted domain version of Gmail, see below!

I find this idea from Ka-Ping Yee very compelling.

What if, instead of treating memorability as the constant and strength as the variable, we treat strength as the constant and memorability as the variable? Suppose we have the computer choose a completely random password, to guarantee good password entropy. The phrase-based technique shows that a phrase can be turned into a random-looking jumble of letters and numbers. With a sufficiently large word list and a basic knowledge of grammar, can a computer turn a truly random jumble of letters and numbers into a memorable phrase?

Discussions regarding password length or password complexity are quite common, but Ping introduces a new point of view in the debate about building strong passwords.

Via 7dots, I found this interesting article from Roger A. Grimes, the InfoWorld security adviser. He claims that password length is far more important for security than complexity and that the push from many organizations to adopt complex passwords is worthless.

The problem with [password] analysis is that complexity cannot be guaranteed, and for the most part will be circumvented by your end-users. Whether you give them 94 characters or 65,000 characters to choose from, most will choose to include the same 32 characters.

And because most users also use dictionary words as the root to their “complex” password, and follow other common conventions, a simple hybrid attack will break most of them in less than a day.

There is no easy way to force true password complexity in most environments without a software addition, other than to generate truly random passwords and hand them out to users. They will probably hate you for doing so. […] If you can’t guarantee true password complexity (and you probably can’t) length is your best bet.

Roger has plenty of evidences to support his analysis, nonetheless Ping’s idea could lead to the development of very effective software add-ons aiming to bridge the need for high levels of entropy with the human attitudes toward simplicity.

Each add-on should generate a new truly random password together with an easy to remember passphrase, the latter acting as a mnemonic key to the complex password. For more convenience it’s not necessary to bother the user with fancy symbols and uppercase characters, since choosing from the standard set of 26 lowercase letters and 10 digits can provide more than 5 bits of entropy per character.

Then the only problem left is how to remember each computer generated passphrase for tens of online and offline accounts. On this front Clipperz, as well as 7dots, will have soon something to say …