LWN: Comments on "DeadDrop and Strongbox"

DeadDrop and Strongbox

mp — Mon, 17 Jun 2013 07:03:50 +0000

It appears that what is actually stored is not simply SHA256 of the code name, but HMAC(local_secret, code_name).

Password scheme

robbe — Thu, 06 Jun 2013 13:07:44 +0000

The diceware list contains too many obscure entries for my taste. YMMV.

We can agree that /usr/share/dict/words is usually not the best candidate.

Password scheme

micka — Thu, 06 Jun 2013 07:30:46 +0000

There are lists created specifically for this usage.
Just take the diceware list or one language spcific one.

Password scheme

robbe — Wed, 05 Jun 2013 15:44:13 +0000

> Selecting at random four words from the /usr/share/dict/words on my
> box (which contains 99171 entries) gives you more than 64 bits of
> entropy.
> [...]
> I'm not aware of any system that allows me to remember that many
> bits of entropy so easily.

Assuming we have the same words file (the number of entries match), this contains a lot of hard-to-remember variants. For example every name occurs in there as "Jack" and as "Jack's". It is definitely not the list of simple words used by XKCD 936 (dictonary size 2^11 == 2048).

For the sake of discussion, a script of mine generated this alternatives from the same 64 bits of randomness:

adzes rights Macumba's staleness's
AU's mastoscirrhus seel Bremerton's
Abgangszeugnisse Sollstärke blumigen Synthetik
17244702336126568816
gyskcgtcjfpsbg
cpprKpTOYLaG
uH25bi602OO
dLl%M4Aw.ZI
?bwto5p5Zs
y°USK8Tüöq
g-ßa+j6ög3bv

Decide for yourself if you're better at remembering the spelling of "mastoscirrhus" or "adzes" (or was it "adzes's") or a shorter random jumble of characters.

[an hour later]
I added another wordlist based on Ogden's Basic English containing a bit over 2000 words. Example output:

disgust saucer cool library overall moral

DeadDrop and Strongbox

sourcejedi — Fri, 31 May 2013 08:01:05 +0000

"The SHA256 hash of the code name is stored on the server"

Why is this design considered appropriate for a secure system?

Storing un-iterated, unsalted password hashes makes it easier to compromise large numbers of passwords once you've gained access. Every time someone gains access to a system with this design, we read articles criticising it...

Timely!

fandingo — Sat, 25 May 2013 21:18:54 +0000

s/New York Times/Associated Press/

Password scheme

diederich — Fri, 24 May 2013 21:54:47 +0000

Selecting at random four words from the /usr/share/dict/words on my box (which contains 99171 entries) gives you more than 64 bits of entropy. At one billion tries per second, it will take up to 584 years to find the right combo.

You did say 'reduce'; most people select passwords that have less entropy, and are possibly not as easy to remember.

I'm not aware of any system that allows me to remember that many bits of entropy so easily.

DeadDrop and Strongbox

ras — Fri, 24 May 2013 10:41:34 +0000

So this will be the legacy of Julian Assange. To show the world how it could be done, but perhaps not how not it should be run.

That is enough I think. Well done Julian.

Timely!

dlang — Thu, 23 May 2013 20:20:17 +0000

This wasn't just one Journalist, this was a very large portion (if not the entire staff) of the New York Times, and not just for a short time but for several months.

Password scheme

njwhite — Thu, 23 May 2013 16:55:06 +0000

Passphrases are always supposed to be like that, I think. The 'diceware' method is a popular way to generate them.

So these sorts of passwords have been around for ages.

Though presumably if you know you're targeting say 4 dictionary words, you can reduce the time to crack enormously (with a general offline dictionary attack, not relevant to dead drop's system.)

Password scheme

aaron — Thu, 23 May 2013 16:06:31 +0000

The source's password scheme is the one described in this XKCD comic.

Did Randall Munroe originate that, or what?

Timely!

micka — Thu, 23 May 2013 12:16:32 +0000

Ah I see. We (in France) had similar events. One journalist's phone bill was studied by an "intelligence" agency to find its source (who happened to be from the ministry of justice) in a political affair ( http://en.wikipedia.org/wiki/Bettencourt_affair ). Then that was the judge's phone bill...

Timely!

sorpigal — Thu, 23 May 2013 11:57:52 +0000

In the USA it was recently (within the last ~2 weeks or so) reported that the government had been monitoring the business and personal phones of some large number of employees (read: journalists) of a respected news organization. The upshot of this is that if any of these people over a rather long time frame (months, I believe) had called or been called by a confidential source the content of their conversation was recorded.

If I seem vague on details it's because I haven't really followed the story, but I had the same reaction: DeadDrop comes at *just* the right time. Barnum could not have picked a better moment to unveil a mechanism to allow safe communication between journalists and sources that makes a plausible promise to be free of government surveillance.

Timely!

micka — Thu, 23 May 2013 09:05:53 +0000

Thank you, that was useful, now I understand.

Timely!

smitty_one_each — Thu, 23 May 2013 08:46:04 +0000

>Do you mind giving pointers ?
Probably not without a system like the one described in the article.

Timely!

micka — Thu, 23 May 2013 07:04:49 +0000

You seem to talk about precise events that are occuring now.
I might not be be in the same part of the world than you (US ?) so I'm not aware of these possibly related events.Do you mind giving pointers ?

Timely!

jmorris42 — Thu, 23 May 2013 02:24:28 +0000

Wondering how you guys could post this and fail to note how timely it is. Had it went live on schedule nobody would have noticed, but the delay just happened to cause it to hit the news at exactly the time when multiple assaults on media outfits trying to catch whistleblowers also hit the papers.

We probably always needed something like this, but few would have actually used it. Especially back in the days of Bush, the Patriot Act and whining about the evil government coming after your library records... lots of talk but nobody actually believed it would happen. Well now it happened and lookie who it was that went and done invoked the Espionage more in four years than in the decades it was on the books before.