Organisational Password Policies and The Shonky Awards

Hi & hope you’re all well,

Today’s EXAMINE Newsletter from the SMH/AGE indicated that, similar to how we dealt with Y2K, “Q-Day” is fast approaching.

What’s Q-Day? The moment when Quantum Computing becomes powerful enough to crack the encryption systems that underpin our digital society - date will be sometime in the next decade or two.

Towards that end, many of our existing passwords along with personal details have of course been stolen from lots of breached organisational databases over the past 3 to 4 decades. The passwords, hopefully not used on multiple systems, if short enough can be broken by brute strength attempts. Others are merely stored until the passwords can be cracked or decrypted later as computing power increases and most when Quantum Computing arrives.

So:

  1. change your passwords, make them random, make them long and prepare for all the reasons you can’t think of:
    Things to do with your Data before you Die - Choice 2022

  2. How about CHOICE include organisations with lax password policies, say those organisations only allowing 12 character passwords or less, as a category in the Shonky Awards?

Are there still websites that insist on only 8 characters in total, perhaps with 1 letter plus 1 number or special character and a number?

What do you reckon?

1 Like

It’s been coming real soon now for decades. Like controlled cheap energy from fusion and AI that can reliably do wonders, nobody knows when they will be available and widespread but that doesn’t stop stories being written.

3 Likes

The article is scaremongering at worst or possibly looking at a time far into the future at best:

Even if the best estimates of Q computing are correct, it is still 10-15 years away. But, to get there, there are significant challenges to overcome. These stories often originate with researchers to drive investment in their research - as the first successful group to develop the technology will win the jackpot.

It is likely to be a lot farther away before any Q computer is available, reliable, operational and usable by others other than research institutions or other large organisations.

4 Likes

Alternately the price to be one of the first to potentially have the quantum capability?

Success not assured, they will need to hack a great many personal accounts to get their money back. Speculatively would one be better advised by attempting to break into the finances of the humble indebted Aussie home owner or the world’s million/billionaires?

Identity and personal security will also evolve.

It’s moments like these I look forward to the TV series “Hypothetical” taking up the challenge for a reliable determination of which will win. :rofl:

2 Likes

There is already work into cryptographic safety in the world of Quantum Computing. No Government wants to be caught with their pants down over what were secure communications now being insecure because of the introduction of Quantum computers. The USA NIST (National Institute of Standards and Technology) are looking at setting standards for this post Q world and have already selected a few algorithms that are looking quite able to resist the threat. They are currently CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and Falcon. It is known that several encryption schemes we use now are defunct with Q Computing and they are RSA (even now there is a risk of hardware errors leading to leaks of keys), ECDSA, DSA (Not recommended for signing anymore and only used for legacy purposes), and ECDH. AES 256, SHA 256 and SHA-3 can still have some agility in the Q environment but require much larger outputs than they currently do.

Moving to the new cryptography methods may take years but we can start now in hardening our exposure.

6 Likes

I agree that businesses that allow too simple a password are not helping the users of their services. Weak passwords lead to hacking of the accounts much more easily than if good password policies are in place. It is easy for a consumer to set a weak password if the online portal does not support good practice regarding acceptable password strength and hygiene.

1 Like

Passwords are a stupid hangover from years ago. Doesn’t matter whether it is a four digit pin, or a convoluted string of seemingly random characters, it is so easily compromised.

Hands up those who let their browser store login details for automatic access to various online sites. I do.

Do away with fixed passwords completely, and use multifactor authentication. Time based one time passwords. TOTP.

4 Likes

I agree. Brute-force crypto-cracking is generally aimed at targets the hacker knows are potentially highly profitable for them. It’s not worth their while going after the “little guy”.

But cracking a password also doesn’t help the hacker get into accounts protected with secure forms of MFA (ie, not codes sent via SMS or to an email address).

As Greg says,

3 Likes

Ah but, grasshopper, what makes you think that TOTP is itself quantum resistant? :wink:

It is well beyond my expertise to answer that, only to raise the question i.e. to point out that in a multifactor environment, if all factors can be broken by a quantum computer then having multiple factors may not help as much as one would hope.

TOTP and HOTP rely on SHA-1. They may use SHA-2 but in my experience that is not common (today). Based on @grahroll’s post above, both of these (SHA-1 and SHA-2) may be on borrowed time anyway.

There are two different scenarios to cover:

  • Encrypted data that is intercepted in transit (trivial), stored, and in future decrypted using QC - thereby yielding your password (if the right part of the session was captured).
  • Hashed data that is copied at rest (data breach), and in future unhashed using QC - thereby yielding your password.

In theory the two could tie together in a blended attack where a hacker armed with a QC intercepts the password of an employee who is doing remote access, then uses that password to copy away a password database, then uses the QC to unhash the passwords.

Defending those scenarios may be beyond the scope of this forum.

Yes, that would be fun but I would like to know whether there are any companies still storing passwords in plaintext. If so - and they get breached - then it won’t matter whether the password is 4 digits or the most complex mess you ever saw. And actually password complexity doesn’t necessarily defend well against a QC that can unhash anyway.

The 2038 Apocalypse may come sooner than Q-Day anyway. :slight_smile:

2 Likes

For logins only, it is very easy to prevent brute force attacks - set a number of failed login attempts before locking accounts. A very easy step to implement to prevent the likes of a future Q-computer accessing a secure account. Many important logins already have such facilities (financial institutions, government services, etc) installed to prevent current brute force attacks.

3 Likes

Time. QC promises to do things like factorization and searching faster, but not instantaneously. With TOTP one gets a few tries in one minute to get it right. After that a new code is produced.

SHA-1 or 2 has nothing to do with TOTP. The former are about message digests. The latter about pseudo randomizing digits based on an initial seed and the rolling time.

The 2038 ‘bug’ is a non-starter. Unix systems have long ago transitioned to a 64-bit second counter.

2 Likes

SHA-1 was deprecated in 2011 and will be completely retired in 2030. SHA-2 is the replacement but as noted only SHA 256 and SHA-3 get any mention as usable post Quantum Computers being mainstream.

Anyone using SHA-1 should have moved or be moving to SHA-2 (at least) by now. It is probably better that they choose SHA-256 or SHA-3 and avoid another necessary change that will likely come sooner rather than later.

1 Like

The big actor here is the US NSA, which has stored rivers of data flowing across the Internet in the belief that one day it may be able to decrypt some of the more important stuff.

  1. The NSA is depending not just on quantum computing developments. It also looks to improved digital computing to crack old encryption.
  2. Speaking of old encryption, if an entity retires a key what happens to it? Well, the NSA would sure be keen to help on that score - and it has been suggested that retired keys are at least sometimes handed over. (This can include quite high level keys, as there is a chain of trust - and they could be extremely handy.)
  3. Who is at risk? If you maintain the “Terrorism for Dummies” website, then you are likely to be an early target. People who post regularly on a consumer website, less so.

As @grahroll indicated, this is an issue that has been in security experts’ minds for several years. While there have been some implementation errors with at least one of the quantum-resistant algorithms, those four are considered secure if implemented correctly. Some existing encryption will remain secure, while other cryptography is theoretically weak against attack from quantum computers.

For the moment all of this is theoretical. Last year, a quantum computer managed to factorise a two digit number! That is a long way from what is needed to break modern cryptography.

Side note: nerds may appreciate the names of two of the new algorithms: CRYSTALS-Kyber and CRYSTALS-Dilithium. Provided links are for non-nerds.

2 Likes

That’s true but in the context of QC the assumption is that captured encrypted or hashed data is attacked offline.

Sorry but this is just not correct. Ask yourself how TOTP creates “pseudorandom digits” based on a shared secret (initial seed) and the time. Answer: It uses SHA-1 (or SHA-2).

That may be true but if I go to my profile on this forum right now and say that I want to add an authenticator, it gives me a 160-bit shared secret i.e. SHA-1.

There is a long time between the time that someone says an algorithm isn’t strong enough any more (theoretically) and the time that it disappears from use. Apparently 13 years and counting.

Even if the forum software used by Choice were upgraded tomorrow and the upgrade brought with it TOTP support for generating longer shared secrets and the use of SHA-2 … that doesn’t necessarily mean that all existing shared secrets will stop working. That would be chaos.

At best, the software would have to force you to generate and store a new shared secret the next time you successfully log in using the old shared secret - and that assumes a hard-arse sysadmin that actually forces that - and that assumes that all client devices have SHA-2 support (which I haven’t attempted to verify). In reality existing weaker shared secrets may remain valid for a “long time”.

So I guess if Choice really wants to “name and shame” it should be a case of “physician heal thyself”. (although by offering the use of a TOTP authenticator for 2FA, albeit SHA-1, Choice is still well ahead of many web sites)

3 Likes
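The posts above disagree on whether TOTP depends on SHA-1. Here is RFC 6238 TOTP written out as an added example (not code from the forum, Choice, or its forum software) so the hash's role is visible: the HMAC hash and the shared-secret length are separate parameters in the RFC, and the Base32 string below is a constructed demo secret (it decodes to the RFC 4226 test-vector key), not anyone's credential.

```python
import base64
import hmac
import struct
import time

# Added example (not code from the forum): a minimal RFC 6238 TOTP, written to
# show exactly where the hash function enters. The demo secrets are the RFC 4226
# and RFC 6238 test-vector keys, constructed for illustration only.


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC-<algorithm>(secret, counter) -> dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30,
         digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP is HOTP with counter = floor(time / step).
    The only place the hash matters is the HMAC inside hotp()."""
    return hotp(secret, unix_time // step, digits, algorithm)


def secret_bits(base32_secret: str) -> int:
    """Size in bits of the Base32 shared secret an authenticator URI carries.
    This is independent of the HMAC hash: a 160-bit secret works with either."""
    padded = base32_secret.upper() + "=" * (-len(base32_secret) % 8)
    return len(base64.b32decode(padded)) * 8


if __name__ == "__main__":
    # 32 Base32 characters = 160 bits, the size reported earlier in this thread.
    b32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print("shared secret bits:", secret_bits(b32))
    secret = base64.b32decode(b32)
    now = int(time.time())
    print("SHA-1 code  :", totp(secret, now))
    print("SHA-256 code:", totp(secret, now, algorithm="sha256"))
```

Switching the hash changes every code for the same secret and time, which is why a server cannot silently move existing enrolments from SHA-1 to SHA-2 without re-enrolling the authenticator.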

That is true, but, if it is offline, MFA will limit the ability to use the information. The password and MFA information for that single point in time will be available. The MFA might not have any value and the password no differently to a compromised password today. It is worth noting that biometrics won’t solve the MFA problem. If there is in stream decryption of data, this will allow access to electronic biometric data for use by others. Once biometric data is compromised, it is valueless. Single use or random MFA therefore has merits.

Parallel hacking could also occur (using decrypted data to login when it has currency), but, this can also be prevented by using IP logging, one login limits etc.

2 Likes

I am not saying that SHA-1 isn’t still being used. The reason for the long timeline was so there was plenty of time to upgrade the implementations for everyone. Leaving changes to the last minute also brings risks with it, including errors in the implementation that leave the security at higher risk than if done earlier and rectified before the crunch comes. In the case of the CHOICE example, why not now arrange SHA-2 or SHA-3 based TOTP, and those using old SHA-1 are encouraged to move over. Those that refuse to update, then when the time for hard change has elapsed they lose access until they do update.

Getting back to the original post about the password issue, there are still many sites that allow weak/unsatisfactory password choices, some storage of passwords is very poor, security implementations for holding client data is very, or totally, inadequate. Why not name and shame those that permit and carry out inadequate security when securing the data such as client details and logins?

1 Like

Certainly, the existing use of weak/unsatisfactory password choices & lax process/ implementation was the focus of my post… further to that giving various sites a “hey you/ get on with it” moment for non-secure/ non-compliant process and storage of user authentication.

I can’t thank you all enough (@person, @grahroll, @Gregr, @postulative) for the eloquent summary of some of the standards & concepts provided.

Obviously The Shonkys/ shaming aren’t the main focus in the long term, but it occurred to me following the above that the effort required by Choice to gather the detail for non-compliant websites/ organisations is huge… anyone know if this type of data is already being collated by others, I wonder?

1 Like

Yes, it would be a big project, so I doubt that Choice would do it comprehensively. As an example, there are over 90 banks in Australia - and banking would be a priority area for password security. Realistically, the project would have to be limited to the most popular web sites (e.g. Big 4 banks, 3 MNOs, …).

I am not aware of such a dataset already existing. It’s the kind of thing that the government would need to step in and make it part of mandatory reporting e.g. to the OAIC - and then the OAIC could publish it nicely collated on their web site.

However there is a downside to publishing this information. It would be a heads-up for hackers and it would actually make brute-forcing more efficient (whether by one regular CPU, massively parallel regular CPUs, or a QC) - at least until all web sites converge on best practice.

On balance, yes, I would like to see this information published.

I’ll kick things off, starting alphabetically:

ANZ:

  • Your Internet Banking password or passphrase must be 8 to 16 characters, with at least one number, both upper and lower case letters and no spaces.

  • Ensure new password or passphrase are significantly different from previous ones and try not to re-use your last 13 previous passwords.

The first bullet point doesn’t make clear whether other punctuation characters are permitted. I would assume not.

The second bullet point is a bit bizarre. “Try” with a specific number? Surely this means that they actually enforce this? (With my IT hat on, I know that where I work we enforce that users can’t reuse any password within X years where X is configured non-trivial, so for most of our dear users password reuse is very unlikely.)

3 Likes

An example of what would seem to be nowhere near best practice for passwords.

In my time of logging into IBM Mainframes, the password was limited to 7 alphanumeric characters. Case ignored. No special characters. Wow, that doesn’t seem very secure.

But, password change was forced every 30 days. Three attempts were allowed before the account was suspended. Password history prevented reuse of passwords for at least a year. At one bank I worked for, the login system was linked to the payroll system, and your account was suspended if on leave.

And to even get to a Mainframe login from anything other than the internal private network, one had to go through a multi-factor authentication front end using a dedicated RSA SecurID system.

2 Likes

For sure this is a mitigating factor for defending against attack from outside, as is multi-factor authentication.

So a more comprehensive look at the topic might augment the password requirements with

  • number of attempts allowed and the resulting lockout period (may be indefinite until explicitly unlocked)
  • status of MFA e.g. not supported, allowed, required

1 Like
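The failed-attempt lockout suggested earlier in this thread and the two policy fields listed just above (attempts allowed, lockout period including the indefinite case), as an added example that is not code from the forum or from any bank's system; the policy numbers and account names are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
# Added example, not code from the forum: the lockout policy this thread describes,
# with constructed parameters; a real system would persist this state server-side.

@dataclass
class LockoutPolicy:
    max_attempts: int = 3                   # failures tolerated before lockout
    lockout_seconds: Optional[float] = 900  # None = locked until explicitly unlocked

@dataclass
class AccountState:
    failures: int = 0
    locked_at: Optional[float] = None

class LoginGuard:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.state = defaultdict(AccountState)

    def unlock(self, account: str) -> None:
        self.state[account] = AccountState()   # also clears the failure counter
    def is_locked(self, account: str, now: float) -> bool:
        st, ttl = self.state[account], self.policy.lockout_seconds
        if st.locked_at is None:
            return False
        if ttl is not None and now - st.locked_at >= ttl:
            self.unlock(account)               # timed lockout has expired
            return False
        return True                            # ttl None: only unlock() clears it

    def attempt(self, account: str, credential_ok: bool, now: float) -> str:
        # Returns 'locked' even for a correct credential, so the guess rate an
        # attacker can achieve is set by policy, not by their computing power.
        if self.is_locked(account, now):
            return "locked"
        if credential_ok:
            self.unlock(account)
            return "ok"
        st = self.state[account]
        st.failures += 1
        if st.failures >= self.policy.max_attempts:
            st.locked_at = now
        return "denied"

def guesses_per_day(policy: LockoutPolicy) -> int:
    # Upper bound on online guesses against one account in 24 hours.
    windows = 1 if policy.lockout_seconds is None else int(86400 // policy.lockout_seconds)
    return windows * policy.max_attempts
```

With 3 attempts and a 15-minute lockout the login form allows at most 288 guesses a day, so even the four-digit PIN mentioned earlier takes over a month to exhaust online, whereas a copied password database is attacked offline with no such limit; that is the distinction the thread draws between the two scenarios.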