The "To Keep Up" Wiki

A collection of information we find useful


passkey

This is an old revision of the document!


[This page last changed 2024.03.13 04:35; visits 7 times today, 6 times yesterday, and 1234 total times]

The presentation can include https://blog.1password.com/passkeys-vs-passwords-differences/

Passkey vs Password. What's the difference?

Password: an alphanumeric and special-character sequence, a shared secret. Longer and more complex is better.
Passkey: uses public key cryptography.

Short video, Passwords: use and risk Marx Brothers

Using passwords

  1. Sign up with a website, e.g., buystuff.com
  2. Buystuff accepts a password you create; Buystuff needs to remember this password
  3. You need to remember this password, using a password manager like KeePassXC (or others) or by writing it down
  4. When you log in, you need to send the password to buystuff.com
  5. Buystuff checks that you entered the correct password and, if so, lets you in

Using passkeys

  1. You are using a password manager that supports Passkeys
  2. Sign up with a website that supports Passkeys, e.g., betterstuff.com
  3. Betterstuff may first require that you create a password to log in
  4. You tell Betterstuff that you want to use Passkeys
  5. Your password manager creates a Public and Private key pair that's unique for you
  6. You give the Public key to betterstuff.com
  7. The Private key never leaves your device (it stays in the password manager)
  8. When you want to log into betterstuff.com, the website creates a secret number or character string, encrypts it using your Public key, and sends it to you
  9. Only you can decrypt the message, as only you have the Private key
  10. You decrypt the message and send the secret number or character string back to betterstuff.com
  11. The website betterstuff.com receives this, compares it to the number or string that it encrypted and sent, and if it matches they know it is you, and you're logged in

A lot of this happens behind the scenes.

1. Passkey Example

Let's try a simple public/private key example. We'll use addition as the operation and 3-digit numbers to keep it easy. Note: it's really much more complicated than this!

  • Pick a Public key: 359; the Private key will be 751.
  • Remember, everyone can know the Public key but only you know the Private key.
  • Suppose the message is 246
  • Add the Public key, digit by digit:
    • 2+3 = 5
    • 4+5 = 9
    • 6+9 = 5 (drop the carry)
  • Thus the encrypted message is 595; they send this to you
  • Anyone monitoring the communication only sees 595, and even though they know your Public key, they can't decrypt the 595
  • You receive the message 595 and decrypt it using your Private key (751), as only you know this:
    • 5+7 = 2 (drop the carry)
    • 9+5 = 4
    • 5+1 = 6
  • and you have decrypted the message and see 246.

Note this is a simple example. In real life a much larger Public key and Private key would be used, involving large prime numbers and complex mathematics. See the 'gory math' section below.

2. Live Demonstration

2a. Setting up

We'll assume that you have set up your environment; you need to do this just once. For this demo I'm using Bitwarden, https://bitwarden.com

  1. Install Bitwarden.
  2. Create a Bitwarden account.
  3. Log into Bitwarden.
  4. Install the Bitwarden extension in Firefox.

Note that Bitwarden has OS requirements and that we are using the free version.

2b. Log in using an existing passkey

On smi's Muscat using Firefox, log into Shopify.com using Bitwarden.
On smi's Muscat using Firefox, log into Nintendo.com using Bitwarden.

Note that I've only added the Bitwarden extension to Firefox on Muscat.

2c. Creating a passkey

This is from the Bitwarden demo video.

  1. Go to Shopify.com
  2. Create an account with a password. Save it to Bitwarden.
  3. Verify your email so the account is active.
  4. Log into Shopify.com, using Bitwarden.
  5. Manage account, Security
  6. Create Passkey
  7. Save it
  8. Log out, then log in. Select the icon where the user ID is entered, then select Shopify.
  9. You're logged in.

Passkey internals – example (the 'gory math')

Key Generation

This is done once, when we sign up with a website.

  1. Select two large prime numbers, p and q. For simplicity let's use p = 13 and q = 17.
  2. Compute the modulus, n, by multiplying p and q: n = p * q = 13 * 17 = 221
  3. Compute Euler's totient function, φ(n), which is the number of positive integers less than n that are coprime to n:
    • φ(n) = (p - 1) * (q - 1) = (13 - 1) * (17 - 1) = 192
  4. Choose a public exponent, e. It must be relatively prime to φ(n) = 192, meaning the two have no common factor other than 1. For simplicity, let's choose e = 5.
  5. Calculate the private exponent, d, such that (e * d) mod φ(n) = 1:
    • d = e^(-1) mod φ(n)
    • In this case, d = 77 (check: 5 * 77 = 385 = 2 * 192 + 1)

Now that this is done, Alice has her Public Key (e, n) = (5, 221) and her Private Key (d, n) = (77, 221).

Encryption

Here's how the website uses this passkey to authenticate us. The website wants to send a message to us; with a passkey, our job is to decode it and return the decrypted message to the website, so the website knows we are who we claim to be.

Let's say the website encrypts the string “HELLO” and sends it to us; we'll decrypt it using our private key and return the string to the website.

The website does:

  1. Convert the message HELLO to its numerical representation (A = 1, B = 2, ...): 8 5 12 12 15
  2. Using the public key (5, 221), the website computes:
    • H = 8^5 mod 221 = 32768 mod 221 = 119
    • E = 5^5 mod 221 = 3125 mod 221 = 197
    • L = 12^5 mod 221 = 248831 mod 221 = 35
    • L = 12^5 mod 221 = 248831 mod 221 = 35
    • O = 15^5 mod 221 = 759375 mod 221 = 65
  3. Website sends the encrypted message (119, 197, 35, 35, 65) to us

Decryption

We receive the encrypted message (119, 197, 35, 35, 65) from the website and decrypt it using our private key (d, n) = (77, 221).
Applying modular exponentiation we get:

  • 119^77 mod 221 = 8, which is the 8th letter, H
  • 197^77 mod 221 = 5, which is the 5th letter, E
  • 35^77 mod 221 = 12, which is the 12th letter, L
  • 35^77 mod 221 = 12, which is the 12th letter, L
  • 65^77 mod 221 = 15, which is the 15th letter, O

We have decrypted the message to the string HELLO.

We then send the plaintext HELLO back to the website. Since we're the only ones with the private key that can decode a message sent with our public key, the website knows it is really us.

In this example, we chose small prime numbers for simplicity, but in practice, much larger prime numbers are used to enhance security. The modulus (n) is derived from the product of these primes, and the public exponent (e) is chosen such that it is coprime to φ(n). The private exponent (d) is calculated using modular arithmetic. This ensures that only the possessor of the private key can decrypt messages encrypted with the corresponding public key.
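As an added example (not code from the wiki page), the following Python recomputes the key pair and each ciphertext value from the page's parameters p = 13, q = 17, e = 5 using pow(), so every figure in the walkthrough above can be checked by running it rather than by hand; it then plays out the challenge/response exchange from steps 8 to 11 of "Using passkeys". Letter numbering A = 1 ... Z = 26 is the page's convention; the function names are my own.

```python
import math

# Added example: textbook RSA challenge/response with the page's toy parameters.
# Real passkeys (WebAuthn) use much larger keys and signatures; this only shows
# the arithmetic the "gory math" section describes.

def keygen(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)           # modular inverse, so e*d mod phi(n) == 1 (Python 3.8+)
    return (e, n), (d, n)

def letters_to_numbers(text):
    return [ord(ch) - ord("A") + 1 for ch in text.upper()]

def numbers_to_letters(nums):
    return "".join(chr(m - 1 + ord("A")) for m in nums)

def encrypt(pub, nums):
    e, n = pub
    if any(m >= n for m in nums):
        raise ValueError("each block must be smaller than n")
    return [pow(m, e, n) for m in nums]   # c = m^e mod n

def decrypt(priv, cipher):
    d, n = priv
    return [pow(c, d, n) for c in cipher]  # m = c^d mod n

def challenge_roundtrip(p, q, e, challenge):
    """Website encrypts a challenge with the public key; the key holder decrypts
    it and sends the plaintext back; the website compares. Returns what an
    observer on the wire sees plus whether the website would accept."""
    pub, priv = keygen(p, q, e)
    on_the_wire = encrypt(pub, letters_to_numbers(challenge))
    answer = numbers_to_letters(decrypt(priv, on_the_wire))   # only the private key holder can do this
    return pub, priv, on_the_wire, answer == challenge

if __name__ == "__main__":
    pub, priv, sent, ok = challenge_roundtrip(13, 17, 5, "HELLO")
    print("public key", pub, "private key", priv)
    print("ciphertext seen on the wire:", sent)
    print("website accepts the reply:", ok)
```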

Password Managers Supporting Passkeys as of 04 March 2024

For each app: Passkeys support / What's for free?

  • Bitwarden: Browser only / Free: 2 users, 2 collections, unlimited devices & passwords, passkeys, username and password generator. Online vault only but you can back it up elsewhere. See: pricing and details; Bitwarden and passkeys (search).
  • 1Password: on Android / Free for 14 days. Individual plan $2.99/mo: 1 user, unlimited devices & passwords. See: Passkey support on Android.
  • Dashlane: yes, mobile only / Free: 1 device at a time, 25 passwords. Paid = “Premium” $4.99/mo, many devices, no limit on passwords, VPN. See: plan comparison.
  • KeePassXC: using browser extension / Vault where you want it. 1 user, unlimited collections, devices, passwords. Password generator. Not sure of passkey details. Note: you save your encrypted 'vault' where you want, e.g., your computer, memory stick, cloud storage.
  • Apple: requires iOS & iPadOS 16, macOS 13 or later / No charge. See: Details on use.
  • Google: yes / See: about, and link for setting up.

passkey.1710329737.txt.gz · Last modified: 2024.03.13 07:35 by Steve Isenberg