by cdumler 807 days ago
The reason why it can't be abused the same way is because of the nature of the paired-one-way-encryption system.

A normal password is one-way encrypted. The algorithm makes it easy to turn an input string into encrypted gibberish, but virtually impossible to take encrypted gibberish and turn it into a suitable input string. Your password is run through this "hash" algorithm and stored. To prove your authenticity, you provide the password and the system encrypts it the same way. If the gibberish matches, you must have known the original password. The problem is that this is subject to several attacks, notably a dictionary attack where you just have a big long list of known passwords. The attack encrypts each one and sees if any of them generates the same gibberish. So, let's take the user-generated password out of the loop.

The trick is that symmetrical, public-pair encryption creates two keys, such that:

  * A key used to encrypt a string or sign a blob cannot be used to decrypt or verify it (one-way).
  * A key's pair is the only one that can decrypt or verify a signature (symmetrical).
  * A completely random initial value (aka password) starts the process, but after that it is no longer relevant.
 
With this, we can create two keys: one we hold to ourselves (private) and one we hand out (public). When we want to authenticate, it goes something like:

  Server: Here is a blob of data I generated and encrypted with your public key, prove to me you know what I did.
  Client: Sure thing.  (Decrypts blob with private key, wraps it with a private key signature, hands it back).  Here ya' go!
  Server: OH.. Nice.  Only you could have decrypted it, and only you can sign the results that match the public key I have on file for you.  You must be you.

If the public key is stolen, it doesn't do the attacker any good. Anything it encrypts is only good for you, and anything that it signs can only be verified by you. In theory, the attacker could get you to authenticate with them and that would show you are you. But, your password manager generates a new key for every site and authenticates with the key it knows. Even if the attacker uses one of your keys, it doesn't work unless it is for the site in question, meaning a man-in-the-middle attack. But, this isn't about stopping that. That is what DNS certificates are for. Passkeys prevent anyone but you from ever knowing what the password was.
1 comment
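The exchange described in the comment above, as an added example that is not part of the original post or of any passkey implementation: a signature-only challenge-response in Go using the standard library's Ed25519. It assumes the server stores only the public key, the client's "password manager" keeps one private key per site, and both sides prefix the random challenge with the site name before signing. The walkthrough shows why an honest response is accepted while a replayed response, a response produced by a credential enrolled for a different site, and a blob forged by someone holding only the public key are all rejected. Type and function names here (`Credential`, `Server`, `Enroll`, `Walkthrough`) are this example's own choices.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Credential is what the client's password manager holds: one key pair per site.
// The private half never leaves the client.
type Credential struct {
	Site string
	priv ed25519.PrivateKey
}

// Server is the site's record for one user: only the public half is stored.
type Server struct {
	Site string
	pub  ed25519.PublicKey
}

// Enroll creates a fresh key pair for one site and gives the server the public key only.
func Enroll(site string) (*Credential, *Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Credential{Site: site, priv: priv}, &Server{Site: site, pub: pub}, nil
}

// NewChallenge returns 32 fresh random bytes. The server remembers the challenge it
// issued until the reply arrives, so an old response cannot be replayed.
func (s *Server) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// challengeMessage binds the challenge to the site name. Both sides build it the same
// way, so a signature produced for one site is meaningless to another (assumed format).
func challengeMessage(site string, challenge []byte) []byte {
	return append([]byte(site+"\x00"), challenge...)
}

// Respond signs the challenge with the private key, but only for the site the key was made for.
func (c *Credential) Respond(site string, challenge []byte) ([]byte, error) {
	if site != c.Site {
		return nil, errors.New("credential is bound to " + c.Site + ", refusing to sign for " + site)
	}
	return ed25519.Sign(c.priv, challengeMessage(c.Site, challenge)), nil
}

// Verify checks a response against the stored public key and the challenge this server issued.
func (s *Server) Verify(challenge, response []byte) bool {
	if len(response) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(s.pub, challengeMessage(s.Site, challenge), response)
}

// Walkthrough runs four cases and reports which responses the server accepts:
// an honest login, a replayed old response, a response signed by a credential
// enrolled for another site, and a forgery attempt by someone holding only the public key.
func Walkthrough() (honest, replay, wrongSite, forged bool, err error) {
	cred, srv, err := Enroll("example.com") // constructed sample site name
	if err != nil {
		return
	}

	// Honest login: fresh challenge, signed by the matching private key.
	c1, _ := srv.NewChallenge()
	r1, _ := cred.Respond("example.com", c1)
	honest = srv.Verify(c1, r1)

	// Replay: the captured response r1 is presented against a new challenge.
	c2, _ := srv.NewChallenge()
	replay = srv.Verify(c2, r1)

	// Wrong site: a credential enrolled for another site signs the relayed challenge,
	// but example.com verifies with its own stored key and its own site prefix.
	otherCred, _, _ := Enroll("evil.example") // constructed sample site name
	c3, _ := srv.NewChallenge()
	r3, _ := otherCred.Respond("evil.example", c3)
	wrongSite = srv.Verify(c3, r3)

	// Public key only: without the private half, all an attacker can produce is random bytes.
	c4, _ := srv.NewChallenge()
	junk := make([]byte, ed25519.SignatureSize)
	rand.Read(junk)
	forged = srv.Verify(c4, junk)
	return
}

func main() {
	honest, replay, wrongSite, forged, err := Walkthrough()
	if err != nil {
		panic(err)
	}
	fmt.Println("honest:", honest, "replay:", replay, "wrong site:", wrongSite, "forged:", forged)
}
```

The site-name prefix is the part that makes the "new key for every site" point concrete: even if a user were tricked into responding to a relayed challenge, the signature is over a different message under a different key, so the real site's stored public key never verifies it.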

Right, I think this is largely covered in sibling posts. I agree that what you are describing is more secure than only using a password. It is, at a basic level, standard asymmetric encryption, right?

My assertion is more that the more you copy the private secret around, the more you are at risk of exposure. That some companies try to increase usability by copying it within their ecosystem is to make life easier for their users. They are shying away from letting you export the secret, but not necessarily out of nefarious motivations? Indeed, there seem to be solid security motivations to not do so. Right?