I am quite relieved to find out that there's a protocol that uses zero-knowledge proofs to do password authentication. In a cryptography class I took, the teacher asked the question "What can we use zero-knowledge proofs for?". My suggestion was "to communicate passwords over an insecure network", but he shot it down with "Ehm no, hashes are for that.". Kept me confused for a long time. I guess the protocol is just a little obscure.
In retrospect, maybe I should have known better, as the same teacher did not understand why some students would question the accurateness of the statement "this data is random because it satisfies Golomb's postulates".
Some of the new ZK PAKE[0] schemes are very cool and would prevent phishing attacks. You only share your password with a party which proves in ZK that it already knows your password. Kinda surprised someone hasn't built a startup around it: "Make your enterprise immune to phishing with our expensive auth appliance".
I really want Chrome to roll it out as some sort of browser mediated authentication scheme.
Unfortunately phishing is a social problem, not a technical one. Users will happily put their password into any random webpage which tells them they really really need to, regardless of how much you train them only to put it into a specific application.
It is trivial to make a phishing login where the login page that looks exactly like the legitimate login page. Of course under such conditions training will fail. The rules of the game are such that no amount of training is going users not make mistakes here.
Consider instead that passwords are only entered into some special and distinct OS controlled textbox* that webpages are prevented from mimicking (or even a physical device). This is a far easier training target (only enter passwords into boxes that look like X).
* The software behind this textbox ensures that the site knows the password before asking the user for the password.
> Consider instead that passwords are only entered into some special and distinct OS controlled textbox
No, I understood this already. This is the easy technological solution which doesn't actually solve the real problem: some users (or really all users some of the time) will always be willing to enter their password into some other box which looks nothing like the one that webpages are prevented from mimicking.
Hell, I did it myself today: I entered my work password into an intranet site which was showing a "certificate error", even though in past experience this site had valid certs. Could that have actually been someone who broke into the intranet and set up a honeypot? Absolutely. But I needed the resource that was behind that password box in order to do my job, so I entered my password anyways.
>some users (or really all users some of the time) will always be willing to enter their password into some other box which looks nothing like the one that webpages are prevented from mimicking.
Phishing sites mimick real user sites because that greatly increases the success rate. You can always find someone who will do something, the important question is how often.
I don't think we should just throw up our hands and say user problem are unsolvable with technology. Good UX solves user problems, compare an AppleII to a iPad.
We have two problems: 1. it is easy to mimic password prompts, 2. it is hard for computers to tell who is legitimate and should be sent the password. This solution solves both.
You can never be 100% sure, but you can be as arbitrarily close to sure as you are willing to spend resources for.
If you have a random algorithm with 0% false positives and 50% false negatives, and repeated trials are independent, then technically combining a few dozen runs of the algorithm actually has the same chance of returning the wrong results as a deterministic algorithm failing due to cosmic radiation. The drop-off of failure probability is exponential in the number of trails, making it quite practical to achieve arbitrary certainty. As long as you're a few orders of magnitude more certain than the hardware, the algorithmic randomness ceases to matter.
In retrospect, maybe I should have known better, as the same teacher did not understand why some students would question the accurateness of the statement "this data is random because it satisfies Golomb's postulates".