Schneier on Security
A blog covering security and security technology.
April 22, 2009
Lessons in Key Management
Encrypting your USB drive is smart. Writing the encryption key on a piece of paper and attaching it to the USB drive is not.
Posted on April 22, 2009 at 1:31 PM
OTOH, knowing that it's common for people to write their passwords on Post-Its and stick them to their monitors, who's surprised by this?
Yes, that is sad.
Although, I *have* considered writing an *incorrect* PIN on my ATM card, so that if someone finds it and uses it, the card will hopefully become disabled or eaten by the ATM.
Good idea about the incorrect PIN... you might want to make some of the digits a little vague, so they'll have to try several different combinations... ;-)
Reinforces my opinion that most incidents aren't the result of the technology being broken, they are the result of the way the technology is used.
I'm always sceptical of a Government agency saying that a data loss is acceptable because the data is "encrypted" - even if the failure isn't as obvious as this example, a crackable passphrase for the encryption renders the exercise pointless.
As an aside, why is it nearly impossible to find a USB manufacturer that sells thumb drives with physical write-protect switches?
It seems to me there's nothing inherently different about this media than the venerable floppy disk. Even with whole disk encryption, what prevents malware from writing to your USB drive once you've authenticated?
What am I missing here?
@Dave Page: "I'm always sceptical of a Government agency saying that a data loss is acceptable because the data is "encrypted" - even if the failure isn't as obvious as this example, a crackable passphrase for the encryption renders the exercise pointless."
I'm a government auditor, and I agree wholeheartedly with your statement. Encryption, in most situations, is to protect your data once it falls into the wrong hands, not so you can be careless with who gets their mitts on it.
@Erich: "What am I missing here?"
Beats me. Every thumb drive I have has physical write protect switches.
The thing to do is not just write down a vague/incorrect PIN, but to encode it in some way so that it isn't exactly what's written. Shifting and/or transposing are common (e.g., 1234 as 4321 or 2345).
Another good one is to pick a pattern in a matrix:
I call that a sudoku cipher. :-) It has the added advantage of being able to hold multiple PINs via different patterns.
The same can be done for passwords, but the matrix can get rather large. Some people use a keyboard as the base pattern for their matrix, and pick a pattern on that. For example, "6yhNm,." is a fairly cryptic, but also fairly easy to describe pattern.
It also makes it possible to not be able to know/recall your own password without having a copy of the exact same matrix in front of you, for better or worse!
I'm with Erich. Most new thumb drives I have seen do *not* have write protect switches. Those that do have tiny switches you need a pen tip or pin to move.
The last good write-protect switch I saw was on an old Memorex drive. *That* drive has other problems, such as the lanyard being attached to the cap, instead of to the drive.
Why was the data on a flash drive to begin with?
If it doesn't leave the network, it is hard to lose.
Back when my bank issued ATM card PINs and refused to support customer-chosen PINs, I used to encipher the assigned (hard to remember) PIN by subtracting my preferred (easy to remember) PIN from it (by columns, mod 10) then write the enciphered PIN on the card. At time of (infrequent) use I could recover the assigned PIN quickly.
I was aware that my scheme was basically equivalent to the "PIN offset" scheme the bank would have used to record my preferred PIN if the morons running the bank had allowed customers to choose (change) PINs at all.
Certainly in that era the enciphered PIN I wrote on the card leaked no more data than an adversary could have recovered from the card's magstrip if the bank had supported customer-chosen PINs.
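The column-wise mod-10 scheme described in the comment above, as an added example that is not part of the original thread. The function names and sample PINs are constructed for illustration; the last function shows that the written digits alone rule out no assigned PIN, so the hiding rests entirely on how guessable the preferred PIN is.

```python
from itertools import product


def _digits(pin):
    """Validate a PIN string and return its digits as integers."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be a non-empty string of digits 0-9")
    return [int(c) for c in pin]


def _combine(left, right, sign):
    """Add (sign=+1) or subtract (sign=-1) two PINs column by column, mod 10."""
    a, b = _digits(left), _digits(right)
    if len(a) != len(b):
        raise ValueError("PINs must have the same length")
    # Each column is independent: no carry or borrow crosses columns.
    return "".join(str((x + sign * y) % 10) for x, y in zip(a, b))


def encipher(assigned, preferred):
    """Value written on the card: assigned minus preferred, by columns, mod 10."""
    return _combine(assigned, preferred, -1)


def recover(written, preferred):
    """Assigned PIN recovered at the ATM: written plus preferred, by columns."""
    return _combine(written, preferred, +1)


def consistent_assigned_pins(written):
    """Every assigned PIN that some preferred PIN would map to `written`."""
    n = len(_digits(written))
    return {recover(written, "".join(k)) for k in product("0123456789", repeat=n)}


if __name__ == "__main__":
    assigned, preferred = "7302", "1984"      # constructed sample values
    written = encipher(assigned, preferred)
    print("written on card:", written)
    print("recovered:", recover(written, preferred))
    # All 10**4 assigned PINs remain possible given only the written value.
    print("candidates left:", len(consistent_assigned_pins(written)))
```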
"Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.
That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities. In addition, resources that should not have failed, like the local hospital's internal computer network, proved to be dependent on external resources, leaving the hospital with a "paper system" for the day."
I remember walking into our breakroom and having to listen to them go on about it while I waited for my coffee to finish.
Impossibly, that's where it's nice to be able to touch-type Dvorak as well as qwerty. Just use the "wrong" keyboard and an easy to remember password. I prefer passphrases these days, they're not a lot harder to type and they widen the keyspace nicely. And they're much more memorable. But the keyboard switch is a useful bonus.
Don't get caught row-shifting though - too many keyboards have the numeric keys in odd places to make going one row up usable - too often you'll find yourself trying to work it out the slow way because some monkey put the number keys up and left of the letter keys.
" OTOH, knowing that it's common for people to write their passwords on Post-Its and stick them to their monitors, who's surprised by this?"
But this may make a great deal of sense. A really hard to crack password is also hard to remember. Writing the password on the monitor increases security on one access route ("network") while decreasing it on another ("physical").
Of course this only helps if the password is a hard one, and if we assume that physical security is good and/or that anyone able to physically access the computer can crack it anyway, etc.
I'd definitely go with a passphrase for better security and memorability, but there are still a lot of systems out there that don't support them (or, worse, silently truncate). Longer phrases are harder to obscure, though, should you need to hide it in plain sight. It's not that big of a deal to fiddle with a meaningless 4 digit PIN or 8 character password, but a 30+ character passphrase is a lot harder to tweak like that.
From the Fox article on the Morgan Hill incident:
"Police said the incident is being investigated as vandalism."
Ok, let me get this straight: leaving LED-laden toys on a street corner begets mobilization as a terrorist threat, while communication cables being severed by unknown actors is considered vandalism.
Got it. I feel safer already.
Impossibly Stupid wrote: "The thing to do is not just write down a vague/incorrect PIN, but to encode it in some way so that it isn't exactly what's written. Shifting and/or transposing are common (e.g., 1234 as 4321 or 2345)."
Now I have to have my keys encrypted as well? Oh bother ... :P
Heh. Well if you plan to write them down or otherwise make them semi-public then, yeah, you're better off not actually transcribing them verbatim. That goes for all kinds of things that are semi-secrets. If you're arranging a clandestine meeting, would you be better off making a note of it by writing down "123 Main Street" or "321 Main Street"? It *is* a bit of a bother if you assume nobody is going to see it but, like this story shows, it's worth a little bother if there are big consequences when your assumption is wrong. I'm reminded of that plot point from Star Trek II where they fudged the times over an unsecured channel.
So, yes, sometimes a key needs a key. :-)
Isn't that something like leaving your front door key under the mat or flower pot? Might as well put up a big sign, "Idiot Zone - take what you want, because we're clueless!".
I used to write ATM software. 90%+ of ATMs will reject cards in one form or another after 3 invalid PIN entries, so for decades I have written four 4-digit numbers on the backs of my ATM cards which are NOT my PIN in the hope that someone who acquires my ATM card and attempts to use it will try them figuring he has a 3 out of 4 chance to get it correct and will thereby "warm card" my card and be unable to use it. [I think I've even mentioned it in this blog before]
Of course this security measure requires that one is bright enough to actually log out of the ATM before driving off. A couple of years ago I pulled up to an ATM and was presented with the "Would you like another transaction?" screen. Having integrity as a major monkey on my back (which gets me screwed in life at pretty much every opportunity) I answered "no" and was presented with someone else's ATM card, which I then took inside and gave to a bank officer. But I could have charged someone up to $200 as a lesson to remind them to take their card with them. (besides it might have been someone forced to enter their PIN at gunpoint and the crooks then made them drive off when they got the cash, although that behavior seems to be a UK thing).
On the other hand I've done it too. Once I pulled into a gas station cause they were advertising a "good" price, confirmed the price on the pump matched the one advertised, put my credit card into the pump and AFTER I entered my card they raised the price of gas on me by ~15% [which is a fun game they play in southwest OH like nowhere else in the US - 30 cent/gal jump every Wednesday and then trickle back down to where they were by the following Wednesday then repeat - look at the graph on daytongasprices.com to see this wonderful sawtooth behavior in action - spread it out to 2 year history for the full effect]. I was --->>pissed
In spy novels people frequently call an agent to arrange a meeting or dead drop by asking "is this 1234?" where 1234 is an anagram of their actual number, say 4123, but which variation on the anagram is the part that passes the information desired. 1234 means the mailbox, but 1432 means the bridge. Code AND cipher at the same time.
"We are pleased that the Information Commissioner's Office has recognised the swift action taken by NHS Central Lancashire following the information security breach and that, as a result, at present no formal action will be taken."
And here is why the problem presents itself so often in the UK: data don't concern them and there's no cost to losing it.
This is at least the 10000000 millionth time I have seen "this" post.
Is Bruce being senile or is he acting as a primary school teacher reinforcing a basic idea?
And I see the same responses -- same ideas being told and retold -- and me bitching just the same way.
Let's talk some hash -- this is too stupid to worry about
By the way, ATM machines worldwide accept 6-digit PINs. But most banks will only let their customers use 4-digit PINs. Anyone know why?
(My Swiss plastic has a 6-digit PIN and I've used it successfully in several countries including 3rd world.)
If I forget my PIN the bank has to pay the customer service person to talk to me, to get it reset. Multiply me by the number of customers that can remember 4 but forget 6.
So the risk of me losing all my money because of poor security is better (for the bank) than the risk of them having to hire and trust enough customer service people to man the extra phones for those that can't remember 6 digits.
A déjà vu is usually a glitch in the Matrix. It happens when they change something.
I blame Obama.
Impossibly Stupid wrote: "So, yes, sometimes a key needs a key. :-)"
I can imagine how this conversation would continue:
"And would the key for the encrypted key also need encrypting?"
"You're very clever, young man, but no worries. It's keys all the way down."
Sometimes it makes sense to write down your password on a post-it, sometimes not.
Here we have _encrypted_ data travel with the encryption key together, effectively undoing the encryption.
However, most passwords for computers are not for protecting data but for protecting against access _over_the_network_. A random net adversary can't read any post-its you have.
Your work-mates' physical access to your computer might be enough to give technically equivalent access to your computer and data as if you would have had the post-it there anyway.
They should have used an encrypted usb drive with biometrics, like the Stealth MXP (http://www.mxisecurity.com/categories/display/62), like the city of London Police and much of the US Fed.