Re: Mac Power Users 148: Security Audit
Passwords, Email, Security, Oh My!
This post originated as a reply to Ben Brooks’ excellent Encrypting Stuff Against Starbucks Hacker Bob.
The Short Version
I will be getting into the weeds a bit, so here’s the executive summary:
- You absolutely should be using a password manager. I recommend 1Password as it has great native apps, gives you the most control over where your database is stored, and has a worst-case scenario backstop, 1Password Anywhere.
- A select few essential passwords—your master password, your main email account, Dropbox—should be generated with Diceware instead. These memorable passphrases can easily be as strong as a random gibberish password and will easily stick around in your head.
- LuxSci provides an expensive, but extremely flexible[0] email solution. Their Escrow Messages are a significantly more secure replacement for David’s encrypted PDFs.
The Long Version
The Problem
In their Security Audit, Katie and David provide a comprehensive overview of securing your Mac today; however, their discussion of passwords falls short in a few significant ways. Perhaps the most important is that they under-weigh the dilemma of losing access to your password store, which needs a robust solution. As Ben Brooks argues, if you lose access to your physical devices and your Dropbox account is compromised, “then you are hosed.” Moreover, our brains have not evolved to generate and remember strong passwords; as xkcd explains, the typical methods of substituting symbols and numerals do not create enough entropy. Today that method is even less useful, as commonly available cracking tools have evolved to make guesses assuming those substitutions. Lastly, your main password store is only as secure as your master password makes it. While 1Password[1] provides strong encryption, it can only do so much with the entropy you provide it. With computers getting faster every year, the aforementioned cracking tools becoming more and more efficient, and social hacking emerging, we need an easy-to-use and potent foundation for our password management.
A Recommended Solution[2]
Thankfully, the Internets also giveth as they taketh away: Diceware was developed as a method to create memorable, highly entropic passphrases. A phrase such as “lift 99th pagan your bald” has 65[3] bits of entropy, while a password such as “Tr0ub4dor&3” has only 28 bits. Instead of a fallible and complicated heuristic, we can use a friendly 7776-word list[4] and five cool casino-style dice. Two articles explain the math behind exponentially increasing security with each added word. According to Agile Bits’ blog, a five-word phrase results in a database that would require over a million years to crack[5]. While it’s possible that the NSA either has significantly more horsepower or a backdoor[6], if you really are a person of interest, they can always resort to rubber hose cryptography. In the linked post, Jeff Shirer also offers a more creative generation option, but I still recommend the dice, as they do not require nearly as much brain power. Also, you won’t inadvertently include personal information, which is easily gleaned via Facebook[7].

Diceware can also provide a solution to the social hacking problem. We’re all far too used to the various security questions, most of which are easily guessable for a mildly determined hacker who does a bit of research[8]. While password manager gibberish will work for online use, if you have to talk to a human being, it becomes useless. Good luck reciting “3@qGGhssdf88&-~45” over the telephone. On the other hand, a nonsense Diceware phrase is simple to communicate; I doubt operators will care that the answer to your dog’s name is “Woah 75 bathe 4 quarks”.
However, Diceware does not help avoid the danger of losing physical access to your devices at the same time as having your Dropbox account compromised[9]. The attacker will probably not be able to break into your password store, but you are still locked out of almost all your services. While this may be an unlikely scenario, it is catastrophic if it occurs. Having a memorable passphrase for your email will allow you to reset everything, but you’ll probably need a bottle of bourbon after dealing with all your accounts. Luckily, 1Password Anywhere provides a mitigation strategy. Within any Agile Keychain backup (as well as the live version on Dropbox), there is a 1Password.html file. If you keep a copy of said Keychain on a thumb drive, you can securely access your passwords using a browser on any computer[10]. The html file is just a front end, so your database is just as secure as it is when accessed using a native app. There are a few niggling potential problems, but they seem to be relatively easy to work around.
Email Security
David also mentions that he’s mostly moved away from PGP (via GPG) to sending encrypted PDFs and out-of-band passwords for secure email communication. While the encryption is not nearly as strong, it by far trumps PGP in terms of user-friendliness[11]. I’ve recently been searching for a Gmail replacement[12], and LuxSci has a plethora of security options. While it is certainly one of the most expensive services[13], it also is the most configurable to your exact needs. For example, their SecureLine service offers three options: Guaranteed TLS Delivery, Escrow Messages, and PKI[14]. The Escrow option seems the most interesting. Your message sits encrypted on their servers and can be configured to unlock with an out-of-band password (like David’s method) or by requiring the recipient to sign up for a free SecureLine account. While the latter option does present a usability hurdle, it is not nearly as difficult as PGP and within the realm of possibility for moderately savvy users. Moreover, assuming the recipient chooses a robust password for the service, it is far more secure than an encrypted PDF.
LuxSci also offers two factor authentication, either via SMS message or via DuoSecurity. The latter provides a plethora of authentication options, including an intriguing push method. When you attempt to log in, they push a message to their mobile app[15] and all you have to do is click a button to authorize it. Their service is free[16] for accounts with under 10 users, so it’s pretty much a no-brainer addition.
Fin
Thanks again to David and Katie for their awesome security audit. I hope the above helps refine their suggestions.
[0]: They can scale all the way up to HIPAA compliance for you medical professionals and have archiving options that satisfy various financial regulations.
[1]: Though LastPass and Keepass seem equally as secure, I will focus on 1Password as it is what I use.
[2]: For those looking for other options, Ars Technica has a good article on How Elite Security Ninjas Choose and Safeguard Their Passwords.
[3]: Actually 64.6 bits for you pedants sitting at home. The math:
If a password is selected from a universe of N possibilities, where each possibility is equally likely to be chosen, the entropy is log₂(N). For example, if you make a passphrase by choosing 10 letters at random, the entropy is 10 × log₂(26) = 47.0 bits. —From the Diceware FAQ
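As an added worked example (not code from the original post, the Diceware project, or Agile Bits), here is the footnote’s formula and the five-word figure from the Recommended Solution section in Python: entropy in bits for a Diceware passphrase and for a random letter string, the five-dice-roll-to-row mapping a generator uses against the 7776-row list, a dice roller backed by the OS random source, and a rough years-to-crack estimate. The word list is a constructed placeholder standing in for the real Diceware list (the real rows run 11111 to 66666 in the same order), and the guess rate is an assumption for illustration, not Agile Bits’ figure.

```python
import math
import secrets

LIST_SIZE = 6 ** 5  # 7776 rows, one per five-dice roll from 11111 to 66666
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed placeholder standing in for the real Diceware word list:
# row 0 corresponds to roll 11111, row 7775 to roll 66666.
SAMPLE_WORDLIST = [f"word{i:04d}" for i in range(LIST_SIZE)]


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform choices from `choices` options: picks * log2(choices)."""
    return picks * math.log2(choices)


def diceware_entropy_bits(num_words: int) -> float:
    """Five words from a 7776-word list: 5 * log2(7776) = 64.6 bits."""
    return entropy_bits(LIST_SIZE, num_words)


def roll_to_index(roll: str) -> int:
    """Map a five-dice roll such as '31425' to its 0-based row in the word list.
    A roll is a base-6 number whose digits run 1..6 instead of 0..5."""
    if len(roll) != 5 or any(ch not in "123456" for ch in roll):
        raise ValueError(f"not a five-dice roll: {roll!r}")
    index = 0
    for ch in roll:
        index = index * 6 + (int(ch) - 1)
    return index


def index_to_roll(index: int) -> str:
    """Inverse of roll_to_index: 0 -> '11111', 7775 -> '66666'."""
    if not 0 <= index < LIST_SIZE:
        raise ValueError(f"index out of range: {index}")
    digits = []
    for _ in range(5):
        index, digit = divmod(index, 6)
        digits.append(str(digit + 1))
    return "".join(reversed(digits))


def roll_dice(count: int = 5) -> str:
    """Simulate casino dice with the OS CSPRNG; physical dice are the classic Diceware source."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(count))


def generate_passphrase(num_words: int, wordlist=SAMPLE_WORDLIST) -> list:
    """Roll five dice per word and look each roll up in the 7776-row list."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("Diceware needs exactly 7776 words")
    return [wordlist[roll_to_index(roll_dice())] for _ in range(num_words)]


def expected_years_to_crack(bits: float, guesses_per_second: float) -> float:
    """Average time to hit a uniformly chosen secret of `bits` entropy: half the keyspace."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print(f"5 Diceware words: {diceware_entropy_bits(5):.1f} bits")
    print(f"10 random letters: {entropy_bits(26, 10):.1f} bits")
    print("sample phrase:", " ".join(generate_passphrase(5)))
    # Assumed rate for an offline attack on a fast hash (illustration only); a slow
    # key-derivation function such as the one 1Password applies to the master password
    # cuts this rate by orders of magnitude, which is why Agile Bits' figure is far larger.
    rate = 1e9
    for n in (5, 6, 7):
        years = expected_years_to_crack(diceware_entropy_bits(n), rate)
        print(f"{n} words at {rate:.0e} guesses/s: {years:.3g} years")
```

Each added word multiplies the keyspace by 7776, which is the exponential growth the two linked articles describe, and the same arithmetic shows why footnote [5] suggests six or seven words for secrets that are not protected by a slow hash.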
[5]: This is longer than the times listed on the Diceware site because Agile Bits uses robust tools to hash your master password. For other passwords (email, Dropbox), one may want to use 6 or 7 word passphrases.
[6]: Actually fairly unlikely, as Agile Bits uses an open source algorithm.
[7]: I recommend turning on Facebook’s two factor authentication and using a Diceware password. While it may seem a little silly to include it in the essential sites category, it contains so much personal information that you should guard it as closely as your email.
[8]: Do you have your high school on your Facebook page? Or the town you were born in? Are you friends with uncles who share your mother’s maiden name?
[9]: The Mat Honan scenario.
[10]: I wouldn’t recommend a public terminal, but going over to a friend’s house or into work are both simple options.
[11]: PGP requires recipients to install a public key that you generate. Needless to say, for the majority of users, this is almost an impossible technical task.
[12]: While I agree with Max Masnick[a] that it is not worth it to worry about the privacy implications of Gmail, I also agree with Marco Arment about the danger of Google sunsetting features in favor of Google+. Though it’s not very likely, I want to be ready to migrate in case they disable (their already non-standard) IMAP interface. Also, my email is still @gmail.com, so I am planning to move to a @domain[b] that I control.
    [a]: Who also has an excellent write-up on switching from Gmail to Fastmail.
    [b]: My professional lighting design site, for those who are interested.
[13]: The cheapest package is $120/year compared to $40/year at FastMail[a], but you do get 30GB of storage and additional users can be added for $12/year. For an extremely detailed comparison of all the options, check out this discussion at Email Discussions.
    [a]: You can get an account with 100MB of storage for $5/year or 1GB for $10/year, but I’m assuming if you’re considering a paid service, you probably have more email than that. I’m approaching 9GB in my gmail account.
[14]: PGP and S/MIME Certificates
[15]: Their app also implements the same system as Google Authenticator, for times when mobile data is not available.
[16]: There is a 1¢ charge for using their SMS or landline call features, and you have to purchase the credits in $10 increments.