January 5, 2012

Friends with [login] benefits

To follow up on the last post, think about what it would mean to have a web application running on your friends' computers. How would you log in from a random computer on the Internet?

The account name and password combination is convenient to remember and seems to work well in practice for logging in to computer systems.

It's easy enough keeping your password secret when you log into your own machine, and you can use public-key cryptography to have trusted communications with your friends. You can remember your account name and password, but you're not going to be carrying around your private key (if such a system is to work for most people, you're probably not even going to be aware you have a private key).

You can trust your friends, but you don't want to tempt them by transmitting your cleartext password to their machines (ever have an obsessive ex as a friend on Facebook?). Having a unique password for each of your friends' machines won't work because you can't remember them all.

On the other hand, you can assume that your friends probably won't want to crack your password hash to get your password, and if their machine ever gets stolen, they'll tell you so you can change your password (ok, maybe that last point is not true).

If you take your password, assign each of your friends a unique salt, and give each friend their salt together with the PBKDF2 (or whatever) digest of that salt and your password, the password check can be done in any browser with JavaScript: the friend's machine sends the salt to the browser, the browser computes the PBKDF2 digest and sends it back, and the friend's machine verifies the digest.
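The exchange described above, modelled end to end as an added example (not code from the original post). It runs under Node.js with the built-in `crypto` module standing in for the browser's PBKDF2; the function names, iteration count, key length, hash and sample password are all assumptions, since the post specifies none of them.

```javascript
// Added example: model of the per-friend salted PBKDF2 login described above.
const nodeCrypto = require("crypto");

// Assumed parameters (the post does not specify any).
const ITERATIONS = 100000, KEY_LEN = 32, HASH = "sha256";

// Runs where the password is typed (your own machine at enrolment, the
// browser at login). Only the derived digest leaves this function.
function deriveDigest(password, saltHex) {
  return nodeCrypto.pbkdf2Sync(password, Buffer.from(saltHex, "hex"),
                               ITERATIONS, KEY_LEN, HASH).toString("hex");
}

// Done once per friend on your own machine: fresh random salt, then hand
// the friend {salt, digest}. The friend never sees the password.
function enrollFriend(password) {
  const salt = nodeCrypto.randomBytes(16).toString("hex");
  return { salt, digest: deriveDigest(password, salt) };
}

// Friend's machine, step 1: send the stored salt to the browser.
function challenge(record) {
  return record.salt;
}

// Friend's machine, step 2: compare the browser's digest with the stored
// one in constant time; malformed or wrong-length input is rejected.
function verify(record, candidateHex) {
  const stored = Buffer.from(record.digest, "hex");
  const candidate = Buffer.from(String(candidateHex), "hex");
  return candidate.length === stored.length &&
         nodeCrypto.timingSafeEqual(stored, candidate);
}

// Full exchange against one friend's record.
function login(record, typedPassword) {
  const salt = challenge(record);                    // friend -> browser
  const digest = deriveDigest(typedPassword, salt);  // computed in browser
  return verify(record, digest);                     // browser -> friend
}

// Constructed sample data: one password enrolled with two friends.
const PASSWORD = "correct horse battery staple";
const alice = enrollFriend(PASSWORD);
const bob = enrollFriend(PASSWORD);
```

Because each friend gets a different salt, the record held by one friend does not verify on another friend's machine, even though both were derived from the same password.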

Your friends don't have your private key, but they can sign your messages on your behalf with the private keys on their machines. If you see strange messages signed on your behalf, you can assume that either your password has been compromised, or your friend's machine is acting maliciously (because it has been stolen, compromised, or your friend is doing the equivalent of the "let's post an 'I'm pregnant' status update" joke when you forgot to log out of Facebook).

You still have your private key on your machine, from where you can change your password, repudiate the fake messages, and publish a revised list of friends that you trust to sign messages on your behalf.

I'm sure this scheme has been thought of before, and I'm sure it has problems I didn't see. Any thoughts or comments? Where should I post this to get the opinions of people knowledgeable on cryptography?

1 comment:

Manuel Simoni said...

Try http://lists.zooko.com/mailman/listinfo/p2p-hackers and http://lists.randombit.net/mailman/listinfo/cryptography