Sorry to be the bearer of such bad tidings. Please note that I'm doing a quick copy/paste from a notification I received. I've edited it a bit.
Please note that LinkedIn has weighed in with a carefully worded blog post:
http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/
Further details:
1. The leak took place on June 4
2. LinkedIn was using unsalted SHA-1 for their password store.
3. FYI, there are two lists. The second one appears to be from eHarmony. Unsalted MD5 used there.
4. The posted passwords are believed to be ones the cracker wanted help with, i.e., they have significantly more already cracked.
Apparently phishing emails are already active in the wild based on the crack:
http://bits.blogs.nytimes.com/2012/06/06/that-was-fast-criminals-exploit-linkedin-breach-for-phishing-attacks/
In other words, if you have a LinkedIn account, expect that the password has been stolen. Go change your password now. If you used that password elsewhere, you know the routine. In addition, as has been pointed out elsewhere, there's no sign LI has fixed the problem. Expect that the password you change it to will also be compromised.
Sorry to be the bearer of such bad tidings. Please note that I'm doing a
quick copy/paste from a notification I received. I've edited it a bit.
Please note that LinkedIn has weighed in with a carefully worded blog post:
An Update on LinkedIn Member Passwords Compromised
Further details:
1. The leak took place on June 4
2. LinkedIn was using unsalted SHA-1 for their password store.
Raising the issue of why Linkedin hasn't adopted the latest security
wrinkles from 1978. ( http://cm.bell-labs.com/cm/cs/who/dmr/passwd.ps
)
3. FYI, there are two lists. The second one appears to be from eHarmony.
Unsalted MD5 used there.
Ditto. Normally I would complain about the use of MD5, but what's the point.
Regards
Marshall
Why haven't we taken this out of the hands of website operators yet?
Why can't I use my ssh-agent to sign in to a website just like I do
for about hundred servers, workstations, and my PCs at home?
One local password used everywhere that can't be compromised through
website stupidity...
-A
[snip]
One local password used everywhere that can't be compromised through
website stupidity...
One local password is an excellent idea of course.
"Remote servers directly handling user created credentials" should be appended
to the list of the worst ideas in computer security.
Which digital id architecture should web sites implement, and what's
going to make them all agree on one SSO system and move from the
current state to one of the possible solutions though? 
A TLS + Client-Side X.509 Certificate for every user.
BrowserID
OpenID
Active Directory Federation Services
OASIS SAML / STS + WS-Trust
Shibboleth SSO
CoSign SSO
Facebook Connect
Novell Access Manager
Windows Live ID
[insert a thousand of the other slightly more obscure Multi-website
Single-Login systems]
....
Which digital id architecture should web sites implement, and what's
going to make them all agree on one SSO system and move from the
current state to one of the possible solutions though?
A TLS \+ Client\-Side X\.509 Certificate for every user\.
Heck no to X.509. We'd run into the same issue we have right now--a
select group of companies charging users to prove their identity.
[insert a thousand of the other slightly more obscure Multi-website
Single-Login systems]
SSH does a good job of avoiding the pitfalls that most of those other
products have.
Active Directory has costs associated with it.
OpenID requires setting up your own server or using a third party.
Facebook and Google have their own auth systems, but quite a few
people are worried about how much they track you.
And the only time I use a Windows Live account is when I set one up
for a client who needs access to their volume licensing site.
Imaging signing up for a site by putting in your email and pasting
your public key.
No third party verifying and certifying who you are like with SSL
certs and charging you for the privilege (plain 'ol username/password
logins don't give you any verification either--linkedin has no clue
who I really am) just a key exchange from the user and server proving
that you've both seen each other before.
-A
Yes! Yes! Yes!
I've been making this exact argument for about a year. It even retains
the same "email a link" reset mechanism when someone needs to reset
their key.
A common counter-argument is, "But ordinary Internet users won't
understand SSH keys." They don't need to! The idea is easily explained
via a lock-and-key metaphor that people already understand. The UI for
walking users through key creation is easily imagined.
-Snow
Oh yeah, I can just imagine that "lock and key" conversation now...
"Imagine if the website has a lock on it, and you tell them what key you want to use by giving them a copy."
"But if they have a copy of my key, couldn't they use it to open all of the other locks I've set up to use it?"
"(explain public key crypto)"
"(drool, distraction by the latest Facebook feature)"
The other problem with this approach is that, as bad as trusting remote sites to do security properly is, I'm not sure that putting a "one key to rule them all" on users' machines is that much better, given the average user's penchant for installing malware on their machine because "FunnyMonkeyScreensaver.exe" sounded like such a good idea at the time... I suspect we'd see a huge wave of malware whose sole purpose is to steal public keys (and you KNOW users won't password-protect their private keys!). Plus, now you have the problem of users not being able to login to their favourite websites when they're using a friend's computer, internet cafe, etc, unless they've remembered to bring a copy of their private key with them.
I think public key auth for websites is a great idea for geeks who understand the benefits, limitations and security concerns, but I have serious doubts that it would hold up when subjected to the "idiot test".
- Pete
In a message written on Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
Heck no to X.509. We'd run into the same issue we have right now--a
select group of companies charging users to prove their identity.
Why?
A user providing the public half of a self-signed certificate is
exactly the same as the user providing the public half of a
self-generated SSH key.
The fact that you can have a trust chain may be useful in some
cases. For instance, I'm not at all opposed to the idea of the
government having a way to issue me a signed certificate that I
then use to access government services, like submitting my tax
return online, renewing my drivers license, or maybe even e-voting.
The X.509 certificates have an added bonus that they can be used
to secure the transport layer, something that your ssh-key-for-login
proposal can't do.
This is all a UI problem. If Windows/OSX or Safari/Firefox/Chrome
prompted users to create or import a "user certificate" when first
run, and provided a one-click way to provide it to a form when signing
up there would be a lot more incentive to use that method. Today pretty
much the only place you see certificates for users is Enterprises with
Microsoft's certificate tools because of the UI problem.
In a message written on Wed, Jun 06, 2012 at 11:14:58PM -0700, Aaron C. de Bruyn wrote:
Heck no to X.509. We'd run into the same issue we have right now--a
select group of companies charging users to prove their identity.
...
For instance, I'm not at all opposed to the idea of the
government having a way to issue me a signed certificate that I
then use to access government services, like submitting my tax
return online, renewing my drivers license, or maybe even e-voting.
All in favor of paying $119/year to vote, please raise your hands.
I've run into this problem with setting up accounts on aps on my smartphone. A secure password that is relatively easy to type on a regular keyboard becomes a PITA to type on a smartphone. There are a number of sites I simply don't use on my phone because the hassle of setting up each site's ap is greater than the benefit I get from accessing it via the phone.
jc
"Imagine if the website has a lock on it, and you tell them what key you
want to use by giving them a copy."
"But if they have a copy of my key, couldn't they use it to open all of the
other locks I've set up to use it?"
"(explain public key crypto)"
"(drool, distraction by the latest Facebook feature)"
You'd run into the same issue explaining how MD5, SHA1, salting,
etc... works to 'protect' their password.
Users don't care.
If putty were to pop up its password box when my mother signed in to
her computer and then I said something like "Don't worry, you won't
need to enter passwords while you surf the 'net now." and maybe showed
her the chrome extension icon thingy to click when she wants to paste
her 'password' (public key) into a new site, she'd be fine with it.
The other problem with this approach is that, as bad as trusting remote
sites to do security properly is, I'm not sure that putting a "one key to
rule them all" on users' machines is that much better, given the average
user's penchant for installing malware on their machine because
"FunnyMonkeyScreensaver.exe" sounded like such a good idea at the time...
And how does our current system of usernames and passwords avoid
malware that logs keystrokes?
I suspect we'd see a huge wave of malware whose sole purpose is to steal
public keys (and you KNOW users won't password-protect their private keys!).
Plus, now you have the problem of users not being able to login to their
favourite websites when they're using a friend's computer, internet cafe,
etc, unless they've remembered to bring a copy of their private key with
them.
Yep--that's the one big problem I can see with this 'solution' that I
don't have an answer for yet.
It would be difficult to get users to carry around a USB key or a
smartcard, or whatever to get them signed in while away from their
home computer.
-A
True,
Back in 1998-1999 timeline, there was an ongoing project to have the US
Postal service issue X.509 certificates at a nominal fee. The fact that even
the most rural areas have access to a post office made a lot of sense. After
the 2000 election, the project was cancelled because "private business" can
handle it better.
I'm imagining my mother trying this, or trying to help her change it after the hard drive dies and the media in the safe deposit box doesn't read anymore.
I would think it's fairly simple.
What if she forgot her existing password? Most sites have a 'reset
password' link they e-mail you.
A browser extension 'helper' would simply generate a new key and let
you reset your password. Maybe the helper could be dumbed down enough
to automatically handle the password reset screen and automatically
POST the new key to the reset page.
I'm sure it could be done transparently enough that our mothers
wouldn't need to think twice about it.
Heck--the 'helper' could probably even back up your SSH key off-site
sorta like LastPass does. And if your private key is actually
password protected, it's slightly less useless if the off-site backup
company were compromised.
The only downfall is how do you get access to your e-mail account?
(Google already calls my cell and/or home phone if I request access
without using my password.)
I agree there are stumbling blocks, and it wouldn't be perfect--but it
seems like it would be much better than the alternative we have now.
People using the same password on multiple sites, passwords written
down, dumb website operators not salting their hashes, etc...
Also, thanks for the great secondary DNS service. 
-A
Or having to deal with family tech support, along the lines of
"You said you pasted it exactly."
"But I did. I've spent hours trying to watch that movie. I don't know
why it isn't working."
"But you {added a period at the end / didn't include the line wrap /
added a space at the beginning / etc}"
"Oh. Does that matter"
For more joy, imagine debugging such issues over the phone. At least I
can say that my Mother (God rest her soul) would never
have indulged in such foolery. She would have just called the company
to send a technician in to send the email for her.
Regards
Marshall
I rarely reply to threads. However the point of interest that is missed is "Not supported anymore because Microsoft says so". So Microsoft starts putting out systems at one per year and not supporting old ones because they "Have you over a barrel"?
Tell your daughter she can't get married? You haven't bought your new operating system this year, and "backward compatible" is a thing of the past?
Then it is $119.00 per year on top of that (maybe)?
Let's say Microsoft promised business to the PC building companies and decides that an operating system per year is only supported on new equipment? The cost to vote could be thousands per year. Only the rich can afford to vote?
The point is that you have to be careful about where you go with technology and who controls it. I am sure there are people who would love to see voting as a "can you afford it" right.
There are other issues than not being familiar with technology, and they specifically affect those of us who have grown older, and lost certain dexterity that used to be innate. There are passwords and pass phrases I used to have committed to muscle memory. I never even had to think about them. I've had to spend literally hours trying to type in a PGP pass phrase that used to be something I could type without thinking.
There is no one size fits all solution to this. I'm still very annoyed with a company that has only now moved to a password solution that should have been in place in 2005. I still don't want single sign on. Not anywhere. I've been around for a very long time, and I'm fine with technical complexity for me, but do not expect the standard 16 year old text messaging addict to be able to handle some of the solutions I've seen suggested, much less most people my age.
Things are so complex now that people on nanog-l forget the average level of expertise among their peer groups is simply not replicated in the outside world. Jokes about needing a teenager to reprogram your VCR are a thing of the past. I used to be in the business of forecasting the future (among other things), and any security solution that is more difficult than knowing not to use the same password for your bank that you do for Facebook is doomed to fail.
{P.S. Ditto on thanks for backup DNS.}
hi etaoin,
I still don't want single sign on. Not anywhere.
i believe that 'single sign on' is a bad deal and dangerous for all, not
just we geeks. essentially it means that the 'identiry provider' owns
your identity. i love that they call themselves 'identity providers'
when it is MY fracking identity and they are reselling it.
the 'single sign on' i encourage for the end using human beings i
support is 1password and its ilk. it provides the user with one sign-on
yet strongly encourages separation of identities and strong passwords
for sites.
add to that, something such as ghostery for your browser, and you have a
small chance of actually preserving your identity and minimizing cross-
site tracking.
randy
hi etaoin,
I still don't want single sign on. Not anywhere.
i believe that 'single sign on' is a bad deal and dangerous for all, not
just we geeks. essentially it means that the 'identiry provider' owns
your identity. i love that they call themselves 'identity providers'
when it is MY fracking identity and they are reselling it.
so... now that this can is open, has anyone looked at:
<http://www.oneid.com/>
they seem to have some interesting options for better authentication.
the 'single sign on' i encourage for the end using human beings i
support is 1password and its ilk. it provides the user with one sign-on
yet strongly encourages separation of identities and strong passwords
for sites.
the oneid people would say: "it is still a shared secret"
-chris
so... now that this can is open, has anyone looked at:
<http://www.oneid.com/>
yep. yet another bucket of identity slime wanting to resell my
identity.
randy