
Hear me out: with a sensible court order and oversight, requesting a single user's password makes a lot of sense. Let's say you've taken a suspect into custody, but want to capture their co-conspirators [1]. One way to do that might be to impersonate them online so as to keep their plot moving forward.

In what ways is it in a different category to their phone company handing over their call logs and getting someone to impersonate their voice (or send a text message) to an associate?

A single password, in an active situation, with oversight [2], is a totally different proposition from something like Prism or handing over SSL private keys.

[1] Not sure about US law on entrapment, but "bring the kit, we're doing it tonight, rendezvous is XYZ" and then seeing who turns up with what doesn't sound like entrapment to me.

[2] I have no idea what oversight might or might not be applied. "No comment" from the government is admittedly not an encouraging sign.



This sounds far too analogous, but not exactly homologous, to suggesting that Feds ought to be able to get a court order to request a safe manufacturer supply them a workable combination to get into a safe, which only the rightful and legal owner of the safe possesses but does not wish to divulge. Or a locksmith make a key to fit a particular lock for which there is only one possible key that is held by the rightful and legal owner who has invoked her right not to do so for fear of incrimination.

Going to the companies who have to validate user passwords to get a password a user is unwilling or unable to divulge is wrong. Going beyond that in asking for details on how passwords are salted, hashed, what the salts are, etc. ... more wrong still.

That the practice has been revealed should be all any internet startup/company/organization should need to never, ever store a user's password again. Ever.


Actually the legal standard (in the US) to compel someone to turn over a physical key (and I think combination to a physical safe) is fairly low, relative to information. One of the big debates is whether compelled disclosure of a password is information (high protection) vs. access (low protection). Marcia Hofmann from EFF talked to a few people at Hope for about an hour on the finer points in specific situations.


Well, combinations to a safe are viewed quite differently from a physical key to a lock. Compelling the latter has been viewed as permissible, while the former has not.

Where compelled disclosure of a password falls on that spectrum is, indeed, a matter of debate.

However, this is not the same. This is compelling a company to turn over either a user's password (which the user [debatably] could not be forced to turn over without potential infringement of 5A) or specific technical details necessary to business, security, and privacy operations to help them decrypt an encrypted password.

My examples were specifically not about compelling a person criminally charged or investigated to divulge combinations or produce keys. It was about compelling the safe-makers and key-makers to do the job as an end run around users being unwilling or unable to provide the demanded result.

Tangentially, this revelation makes me think a bit more about the CISPA requirements that were discussed regarding protecting employees from being forced to surrender passwords to their employers. Can't help but wonder if backdoor conversations on that proposal were engineered by executive wishes to be able to compel employers to turn over employee passwords because they haven't been successful with service providers directly.

[edit: mixed up my former/latter statement. added last comment. fixed spelling/grammar mistakes.]


I've seen this analogy a few times, that an encryption password is the same as a safe combination. The counter argument is: if a safe contains papers with information that the police can't interpret (either it is in code words, or written in a language for which they don't have an interpreter), can a suspect be compelled to interpret the documents for them?

If not, then to me it would seem that the only password that could be compelled is something like a hard drive firmware boot password, where the contents may not be encrypted but can't be accessed (through normal means) without the password.


The argument is actually whether it's "testimony".

Saying "turn over the physical object used to commit crime" makes turning it over testimonial! But saying "turn over the rifle with the serial number 98980843" is not testimony.


This is a whole other thing; this is a single user's password. I think in the article they are talking about every user's password; correct me if I'm wrong.

And even then, a password should be encrypted. If there is a court order to reveal information, then there has to be a way to get this information rather than sending unencrypted passwords to the government so they can snoop through your mail without it even being proven that you are guilty.


>they can snoop through your mail without even being proven that you are guilty.

I must point out, "snooping through your mail" requires probable cause, not proof of guilt (that's for a court to decide).


Show up with a warrant for that particular user's data, and be happy with whatever encrypted data you get, and I'm fine with it.


No, because competent companies don't just have people's passwords. They would have to give the encrypted password, encryption method and salt, which would greatly weaken the company's own internal security because now a bunch of people know a lot about the encryption system of the company and those people can't be trusted to keep the information secure.


Good encryption systems assume that the algorithm is known and still are secure in face of that requirement. So if publishing the method makes your system insecure then it's already insecure by design. Security through obscurity is not a viable approach.


Yes, good encryption/hashing assumes the algorithm is known, but we're also talking about giving away the salt. The salt in a secure hash plays an analogous role to the secret key in an encryption cipher; both are assumed unknown by an attacker.
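The exchange above (the "they would have to give the encrypted password, encryption method and salt" comment and the reply about the salt being like a secret key) turns on what is and is not secret in a stored password record. The following is an added example, not code from anyone in this thread or from the service being discussed, showing how salted password hashing is normally laid out: the salt is a per-user random value stored in the clear beside the hash, and the only component that is designed to stay secret is an optional server-side key (a "pepper") held outside the user table. All passwords, salts and keys here are constructed sample values; `PBKDF2_ITERATIONS` is an assumed work factor.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. Assumed value for this example; tune it
# to your hardware budget and raise it over time.
PBKDF2_ITERATIONS = 600_000


def _prehash(password: str, pepper: Optional[bytes]) -> bytes:
    """Optionally bind the password to a server-side secret key (a "pepper").

    The pepper is NOT stored in the user table; it lives in a KMS, HSM or
    deployment secret. Unlike the salt, this is the part that must stay secret.
    """
    data = password.encode("utf-8")
    if pepper is None:
        return data
    return hmac.new(pepper, data, hashlib.sha256).digest()


def hash_password(password: str, pepper: Optional[bytes] = None,
                  salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Return a record as it would be stored in a user table.

    The salt is stored in the clear next to the hash. It is not a secret:
    its job is to make each user's hash unique so that precomputed tables
    and cross-user comparisons do not work. Everything needed to verify a
    password (except a pepper, if one is used) is in this record.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", _prehash(password, pepper),
                                 salt, iterations)
    return {
        "algo": "pbkdf2_sha256",
        "iterations": iterations,
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify_password(password: str, record: dict,
                    pepper: Optional[bytes] = None) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", _prehash(password, pepper),
                                    salt, record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def same_password_different_hashes(password: str,
                                   iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Two users with the same password end up with unrelated stored hashes."""
    a = hash_password(password, iterations=iterations)
    b = hash_password(password, iterations=iterations)
    return a["salt"] != b["salt"] and a["hash"] != b["hash"]


if __name__ == "__main__":
    # Constructed demo values.
    pw = "correct horse battery staple"
    record = hash_password(pw)
    print("stored record (salt is in the clear):", record)
    print("verify using the record alone:", verify_password(pw, record))

    pepper = os.urandom(32)  # kept outside the database
    peppered = hash_password(pw, pepper=pepper)
    print("peppered, with the key:", verify_password(pw, peppered, pepper=pepper))
    print("peppered, record only: ", verify_password(pw, peppered))
```

The point the example makes: a salt is public by design, so a record of "hash, method and salt" is exactly what the verifying server already holds, and the protection for that record comes from the work factor and the user's password entropy, not from hiding the salt. What the second commenter is describing is a pepper: only when a key held outside the database is mixed in does the stored record alone become useless for checking guesses, as the last line of the demo shows.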


Security through obscurity?


STO is okay as a part of defence-in-depth, IMO.


There should at least be some burden to notify you that your account has been compromised; that is, you should be notified if you are a 'person of interest.'



