At 1/17/24 02:42 PM, YendorNG wrote: Because for some reason I see passkeys as a grey-market commodity and an attack vector-- not as safe as phone authentication.
I get your intuition and I think it probably springs from the fact that passkeys are an open standard and hence make it known "how the trick is done". It's funny that should lead you to think of passkeys as being more ripe for exploitation as a grey market commodity though, because that's one of the areas where they are superior to both passwords and "hardware" authentication.
The key word here is commodity. The grey-market doesn't care about individuals, except in aggregate, and both password and phone authentication force the accumulation of authentication data into a single location that's ready to be commodified if stolen.
In the case of passwords, the mechanism is easy to see. Passwords are a shared secret technology and thus any party that wants to authenticate individuals has to centrally collect authentication data. It can try to make it harder to make use of this data (keeping hashes instead of plaintext, using a salted challenge system, etc.) but ultimately these data collections are the commodity du jour of the grey market. The fact that people reuse passwords makes these "password dumps" even more valuable.
The through line for the commodification of "hardware" authentication is similar. I use "hardware" in quotes to denote the idea that authentication material is tied to a particular physical device that is supposedly unclonable, in contrast to the often related idea of the authentication running on hardware that is physically isolated from more general purpose computing. The latter is one of the best security techniques we have today and can be used with passkeys as well. The former, while useful in many circumstances, does create a single point of failure ripe for grey-market commodification.
Since bits don't have colors, a party trying to authenticate a phone user can't actually know if a challenge-response calculation was done on a particular phone. So what happens practically is that these operations are attested by a third party signing one or more of the keys involved through a web of trust. Voilà, a central point of failure (any signing key in the web) for hackers to concentrate on and steal. The gimmick here is that sometimes the grey market won't sell the keys directly; they'll sell signing services. This happened in the early days of Switch homebrew: you could buy signatures from the stolen keys of smaller developers. Hell, Microsoft recently had its own signing keys stolen!
Passkeys avoid this issue by dropping the pretense of being tied to hardware. Individually this might seemingly be more vulnerable because of the risk of cloning but the aggregate risk is much less.
Thus the great thing about passkeys is that they don't expose users to any second party risk whatsoever. They share a public key with the party they want to be able to authenticate with and that's it. If that other party gets hacked, the user doesn't care; the key can't even be linked back beyond whatever records the site chose to keep.
[Edit: Relevant to this discussion is the fact that over Christmas a pure software method for extracting data from the secure memory of iPhones was discovered and that modern day Switch homebrew does something similar. Hardware is an additional layer of protection, but it's not unbeatable. Passkeys are an important step away from shared secret systems. The hardware stuff is kind of orthogonal to that.]
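The contrast drawn in the post above, between what a site has to store for a password and what it stores for a passkey, can be shown in a few lines. This is an added example and not part of the original post; the function names, the `a.example`/`b.example` site names and the sample password are constructed, and the signed message is a simplification of what WebAuthn actually signs.

```javascript
// Added illustration, not code from the thread. All names and sample data are constructed.
const crypto = require('node:crypto');

// Password model: the site keeps a verifier derived from the shared secret.
function storePassword(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
// The same check the site runs works for anyone holding a copy of the record.
function checkPassword(record, attempt) {
  const h = crypto.scryptSync(attempt, record.salt, 32);
  return crypto.timingSafeEqual(h, record.hash);
}

// Passkey model (simplified: real WebAuthn signs authenticator data plus a
// hash of the client data, not this bare rpId-hash || challenge message).
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  // Only the public half is ever sent to the site.
  return { privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
function message(rpId, challenge) {
  return Buffer.concat([crypto.createHash('sha256').update(rpId).digest(), challenge]);
}
function signAssertion(privateKey, rpId, challenge) {
  return crypto.sign('sha256', message(rpId, challenge), privateKey);
}
function verifyAssertion(publicPem, rpId, challenge, signature) {
  return crypto.verify('sha256', message(rpId, challenge), publicPem, signature);
}

function breachDemo() {
  // Constructed scenario: one user, two sites, site A's database is copied.
  const pwA = storePassword('hunter2'), pwB = storePassword('hunter2'); // reused
  const keyA = createPasskey(), keyB = createPasskey();                 // one per site
  const challenge = crypto.randomBytes(32);
  const stranger = createPasskey(); // stands in for anyone without the user's private key
  return {
    // A guess confirmed offline against A's record is then accepted by B.
    passwordGuessConfirmedOffline: checkPassword(pwA, 'hunter2'),
    samePasswordAcceptedAtB: checkPassword(pwB, 'hunter2'),
    // A's stored public key verifies the real user...
    userAcceptedAtA: verifyAssertion(keyA.publicPem, 'a.example', challenge,
      signAssertion(keyA.privateKey, 'a.example', challenge)),
    // ...but holding it gives nothing to sign with, and A's key is useless at B.
    strangerAcceptedAtA: verifyAssertion(keyA.publicPem, 'a.example', challenge,
      signAssertion(stranger.privateKey, 'a.example', challenge)),
    keyAAssertionAcceptedAtB: verifyAssertion(keyB.publicPem, 'b.example', challenge,
      signAssertion(keyA.privateKey, 'b.example', challenge)),
    // Nothing in A's record matches B's record for the same user.
    recordsLinkable: keyA.publicPem === keyB.publicPem,
  };
}
```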