Re: [dev] securiy guidance

From: <petern_AT_riseup.net>
Date: Wed, 07 Mar 2018 23:47:31 -0800

On 2018-03-08 06:57, Markus Teich wrote:
> petern_AT_riseup.net wrote:
>> I have to yet read up if it is safe to use
>> with a single key, i.e. encrypting n passwords with the same secret key.
>
> Make sure to use salting in this case. Otherwise using the same
> password for multiple sites/keys would be visible.

Looking at the chacha API one needs to use a nonce, in the monocypher
implementation it is 24 bits wide, which would give the option of almost
17M runs with a single key. IIUC adding a salt would further randomize
the output and possibly prevent some other forms of attacks but won't
replace the nonce as the salt cannot be secret either.


> You also want to hide the keys themselves to protect your password
> storage from profiling attacks. For example encrypt a dictionary that
> maps the real key to some randomized filename where the encrypted
> password is stored. I've done something like this with horrible shell
> scripting and using gpg for encryption:
> https://github.com/schachmat/pkv
>
> --Markus

What is a profiling attack? A quick search didn't bring up anything
relevant. I see many people are disturbed by the idea that the keys of
the password key-value store are visible on the filesystem. I will have
to think about that.


In the meantime I am realizing that security is really, really hard. All
the sorts of attacks there are, memory swapping, wiping disk and memory
properly after finishing... And I haven't even gotten to the agent part,
which needs to store the password in memory. Thinking about that part
I'm not even sure how that can be done safely. Well, at least I
understand better why people are relying on GPG to do that part. Lesson
learned :)

-- 
------------
  Peter Nagy
------------
Received on Thu Mar 08 2018 - 08:47:31 CET

This archive was generated by hypermail 2.3.0 : Thu Mar 08 2018 - 09:00:09 CET