The "To Keep Up" Wiki

A collection of information we find useful

User Tools

Site Tools

Trace: m_m buffets iphone_comparison internet_service memorycards dokuwiki_annoyances osmopocket lctg2023 wip passkey
passkey

Table of Contents

This is an old revision of the document!

[This page last changed 2024.03.05 12:22; visits 7 times today, 6 times yesterday, and 1234 total times]

Presentation can be include https://blog.1password.com/passkeys-vs-passwords-differences/

Passkey vs Password. What's the difference?

Password: alpha-numberic-special character sequence, a shared secret. Longer and more complex is better.
Passkey: Uses Public Key Cryptology.

Short video, Passwords: use and risk Marx Brothers

Using passwords

  1. Sign up with a website, eg, buystuff.com
  2. Buystuff accepts a password you create
  3. You need to remember this password, using a password manager like KeePassXC or others
  4. When you log in, you need to send the password to buystuff.com
  5. Buystuff makes sure you entered the correct password and if so lets you in

Using passkeys

  1. Sign up with a website that supports passkeys, eg, goodstuff.com
  2. You are using a password manager that supports passkeys
  3. Your password manager creates a public and private key that's unique for you
  4. You give the public key to goodstuff.com
  5. The private key never leaves your device
  6. When you want to log into goodstuff.com, the website creates a secret number and encrypts it using your public key, sends it to you
  7. Only you can decrypt the message as only you have the private key
  8. You decrypt the message and send back the secret number or phrase to goodstuff.com
  9. The website goodstuff.com receives this, compares it to what they encrypted and sent, and if matches they know it is you, and you're logged in

A lot of this happens behind the scenes.

1. Passkey Example

Let's try a simple public/private key and we'll use addition as an operation and 3-digit numbers to make it easier for this example.

  • Pick a public key: 359; private key will be 751.
  • Remember, everyone can know the public key but only you know the private key.
  • Suppose message is 246
  • Add public key:
    • 2+3 = 5
    • 4+5 = 9
    • 6+9 = 5 (drop the carry)
  • Thus the encrypted message is 595, they send this to you
  • Anyone monitoring the communication only sees 595 and even though they know your public key, they can't decrypt the 595
  • You receive the message 595 and decrypt it using your private key (751), as only you know this
    • 5+7 = 2 (drop the carry)
    • 9+5 = 4
    • 5+1 = 6
  • and you have decrypted the message and see 246.

Note this is a simple example. In real life a much larger public key and private key would be used involving large prime numbers and complex mathematics. See: section below for 'gory math'.

2. Live Demonstration

2a. Using existing passkey

On smi's Muscat, log into Shopify.com using BitWarden for either shopify1 or shopify2 account and its passkey.

2b. Creating passkey

This from video this Bitwarden demo video

  1. Set up environment once1)
  2. Go to Shopify.com
  3. Create account with password. Save to Bitwarden.
  4. Verify email so account is active.
  5. Log into Shopify.com, use Bitwarden.
  6. Manage account, Security
  7. Create Passkey
  8. Save it
  9. Log out, log in. Select the icon where userID is entered, select Shopify.
  10. You're logged in.

Click to see gory math

Click to hide ⇱

this should be hidden Passkey internals – example

Key Generation This is done once, when we sign up with a website.

  1. Select two large prime numbers, p and q. For simplicity let's use p = 13 and q = 17.
  2. Compute the modulus, n, by multiplying p and q: n = p * q = 13 * 17 = 221
  3. Compute the Euler's totient function, φ(n), which is the number of positive integers less than n that are coprime to n:
    • φ(n) = (p - 1) * (q - 1) = (13 - 1) * (17 - 1) = 192
  4. Choose a public exponent, e. It must be relatively prime to φ(n) or 192, meaning it has no common factors other than 1. For simplicity, let's choose e = 5.
  5. Calculate the private exponent, d, such that (e * d) mod φ(n) = 1:
    • d = e^(-1) mod φ(n)
    • In this case, d = 77

Now that this is done, Alice has her Public Key (e, n) which is (5, 221) and her private key (d, n) which is (77, 221)

Encryption Here's how the website uses this passkey to authenticate us. Website wants to send a message to us, with passkey our job is to decode this and return the decrypted message to the website so the website will know we are who we claim.

Let's say the website encrypts the string “HELLO”, and will send it to us, we'll decrypt using our private key and return the string to the website.

  1. Convert the message HE to numerical representation: 8 5 12 15
  2. Using the public key (5, 221), the website computes
    • H = 8^5 mod 221 = 32768 mod 221 = 119
    • E = 5^5 mod 221 = 3125 mod 221 = 197
    • L = 12^5 mod 221 = 248831 mod 221 = 35
    • O = 15^5 mod 221 = 759375 mod 221 = 65
  3. Website sends the encrypted message (119, 197, 35, 35, 65) to us

Decryption We receive the encrypted message (119, 197, 35, 35, 65) from the website.
we use our private key to decrypt the message using our private key (d, n) = (77, 221)
Applying modular exponentiation we get

  • 119^77 mod 221 = 8 which is 8th letter or H
  • 197^77 mod 221 = 5 which is 5th letter or E
  • 35^77 mod 221 = 12 which is 12th letter or L
  • 65^77 mod 221 = 15 which is 15th letter or O

We then send the plaintext HELLO back to the website. Since we're the only ones with the private key that can decode a message sent with our public key, the website knows it is really us.

In this example, we chose small prime numbers for simplicity, but in practice, much larger prime numbers are used to enhance security. The modulus (n) is derived from the product of these primes, and the public exponent (e) is chosen such that it is coprime to φ(n). The private exponent (d) is calculated using modular arithmetic. This ensures that only the possessor of the private key can decrypt messages encrypted with the corresponding public key.

Password Managers Supporting Passkeys as of 04 March 2024

App Passkeys What's for free?
BitwardenBrowser onlyFree: 2 users, 2 collections, Unlimited devices & passwords, passkeys, username and password generator. Online vault only.
pricing and details Bitwarden and passkeys (search)
1Passwordon Android Free for 14 days. Individual plan $2.99/mo: 1 user, unlimited devices & passwords
Passkey support on Android
Dashlane yes, mobile only Free: 1 device at a time, 25 passwords. Paid=“Premium” $4.99/mo, many devices, no limit on passwords, VPN.
plan comparison
KeepassXCbrowser only
NR4PT		Vault where you want it. 1 user, unlimited collections, devices, passwords. Password generator. Not sure passkey details. Note: you save your encrypted 'vault' where you want, eg: your computer, memory stick, cloud storage.
Applerequires iOS & iPadOS 16, MacOS 13 or later.No charge. Details on use
Googleyes about and link for setting up

info on Keepass and passkeys.
NR4PT: Not ready for prime time (my opinion)

References

1)
1:install Bitwarden, 2:create Bitwarden account, 3:log into Bitwarden, 4:install Bitwarden extension to Firefox. Note that Bitwarden has OS requirements and that we are using the free version
passkey.1709670130.txt.gz · Last modified: 2024.03.05 15:22 by Steve Isenberg