Re: What will happen to your crypto keys when you die?
Wed, 01 Jul 2009 23:29:00 +0000
On Wed, Jul 1, 2009 at 6:48 PM, Udhay Shankar N wrote:
> Udhay Shankar N wrote, [on 5/29/2009 9:02 AM]:
>> Fascinating discussion at boing boing that will probably be of interest
>> to this list.
>>
>> http://www.boingboing.net/2009/05/27/what-will-happen-to.html
>
> Followup article by Cory Doctorow:
>
> http://www.guardian.co.uk/technology/2009/jun/30/data-protection-internet
A ...
MD6 withdrawn from SHA-3 competition
Wed, 01 Jul 2009 23:05:00 +0000
Also from Bruce Schneier, a report that MD6 was withdrawn from the SHA-3
competition because of performance considerations.
http://www.schneier.com/blog/archives/2009/07/md6.html
Perry
-- 
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
AES-256 attacked with time complexity 2^119
Wed, 01 Jul 2009 23:00:00 +0000
Bruce Schneier's coverage:
http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html
Paper:
https://cryptolux.uni.lu/mediawiki/uploads/1/1a/Aes-192-256.pdf
Perry
-- 
Perry E. Metzger perry@piermont.com
Re: password safes for mac
Wed, 01 Jul 2009 21:47:00 +0000
On 07/01/2009 02:10 PM, Nicolas Williams wrote:
> I should add that a hardware token/smartcard would be even better, but
> the same issue arises: keep it logged in, or prompt for the PIN every
> time it's needed? If you keep it logged in then an attacker who
> compromises the system will get to use the token, which I bet in
> practice is only moderately less bad than compromising the keys
> ...
Re: password safes for mac
Wed, 01 Jul 2009 18:54:00 +0000
On Wed, Jul 01, 2009 at 01:06:05PM -0500, Nicolas Williams wrote:
| On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote:
| > I think he's pointing out a more general problem.
|
| Indeed. IIRC, the Mac keychain uses your login password as its passphrase
| by default, which means that to keep your keychain unlocked requires
| either keeping the password around (bad), keeping the keys in ...
Re: password safes for mac
Wed, 01 Jul 2009 18:48:00 +0000
On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote:
|
| Adam Shostack writes:
| > On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
| > | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
| > | > This would be great if LoginWindow.app didn't store your unencrypted
| > | > login and password in memory for your entire session (including ...
Re: password safes for mac
Wed, 01 Jul 2009 18:10:00 +0000
I should add that a hardware token/smartcard would be even better, but
the same issue arises: keep it logged in, or prompt for the PIN every
time it's needed? If you keep it logged in then an attacker who
compromises the system will get to use the token, which I bet in
practice is only moderately less bad than compromising the keys
outright.
Nico
Re: password safes for mac
Wed, 01 Jul 2009 18:06:00 +0000
On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote:
> I think he's pointing out a more general problem.
Indeed. IIRC, the Mac keychain uses your login password as its passphrase
by default, which means that to keep your keychain unlocked requires
either keeping the password around (bad), keeping the keys in cleartext
around (worse?), or prompting for the password/passphrase every ...
Re: password safes for mac
Wed, 01 Jul 2009 16:49:00 +0000
On Wed, Jul 01, 2009 at 11:03:13AM -0400, Adam Shostack wrote:
> On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
> | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
> | > This would be great if LoginWindow.app didn't store your unencrypted
> | > login and password in memory for your entire session (including screen
> | > lock, suspend to ram and hibernate).
> | >
> | ...
Re: password safes for mac
Wed, 01 Jul 2009 16:32:00 +0000
Adam Shostack writes:
> On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
> | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
> | > This would be great if LoginWindow.app didn't store your unencrypted
> | > login and password in memory for your entire session (including screen
> | > lock, suspend to ram and hibernate).
> | >
> | > I keep hearing that ...
Re: password safes for mac
Wed, 01 Jul 2009 15:03:00 +0000
On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
| On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
| > This would be great if LoginWindow.app didn't store your unencrypted
| > login and password in memory for your entire session (including screen
| > lock, suspend to ram and hibernate).
| >
| > I keep hearing that Apple will close my bug about this and they keep
| > ...
Re: What will happen to your crypto keys when you die?
Wed, 01 Jul 2009 08:48:00 +0000
Udhay Shankar N wrote, [on 5/29/2009 9:02 AM]:
> Fascinating discussion at boing boing that will probably be of interest
> to this list.
>
> http://www.boingboing.net/2009/05/27/what-will-happen-to.html
Followup article by Cory Doctorow:
http://www.guardian.co.uk/technology/2009/jun/30/data-protection-internet
Udhay
-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
Re: password safes for mac
Tue, 30 Jun 2009 16:34:00 +0000
On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
> This would be great if LoginWindow.app didn't store your unencrypted
> login and password in memory for your entire session (including screen
> lock, suspend to ram and hibernate).
For what it's worth this only happens at login and doesn't reopen when
unlocking the screen. I have conditioned myself to lock my keychain
upon login and ...
Re: password safes for mac
Tue, 30 Jun 2009 16:26:00 +0000
On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
> This would be great if LoginWindow.app didn't store your unencrypted
> login and password in memory for your entire session (including screen
> lock, suspend to ram and hibernate).
>
> I keep hearing that Apple will close my bug about this and they keep
> delaying. I guess they use the credentials in memory for some things
> where they ...
CSE growing so fast it needs new offices
Tue, 30 Jun 2009 14:29:00 +0000
The CSE, Canada's NSA equivalent, is apparently growing so fast that
they need new office buildings to hold all their new staff.
http://www.defenseindustrydaily.com/Canadas-CSE-ELINT-Agency-Building-New-Facilities-05498/
Hat tip: Bruce Schneier's blog.
-- 
Perry E. Metzger perry@piermont.com
Re: password safes for mac
Tue, 30 Jun 2009 10:37:00 +0000
On Jun 28, 2009, at 4:05 PM, Ivan Krstić wrote:
>> Does anyone have a recommended encrypted password storage program for
>> the mac?
>
> System applications and non-broken 3rd party applications on OS X
> store credentials in Keychain, which is a system facility for
> keeping secrets. Your user keychain is encrypted with your login
> password.
...Which brings up a question I've had about keychain: ...
Re: password safes for mac
Tue, 30 Jun 2009 06:29:00 +0000
Ivan Krstić wrote:
> On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
>> Does anyone have a recommended encrypted password storage program for
>> the mac?
>>
> System applications and non-broken 3rd party applications on OS X store
> credentials in Keychain, which is a system facility for keeping secrets.
> Your user keychain is encrypted with your login password, and items in
> it have ...
NIST optimized AES hardware...
Sun, 28 Jun 2009 21:48:00 +0000
Apparently, NIST has produced an interestingly optimized design for AES
S-box hardware implementations:
http://cryptome.org/0001/nist062309.htm
Perry
-- 
Perry E. Metzger perry@piermont.com
Re: password safes for mac
Sun, 28 Jun 2009 21:04:00 +0000
On Sat, Jun 27, 2009 at 09:57:39PM -0400, Perry E. Metzger wrote:
> Does anyone have a recommended encrypted password storage program for
> the mac?
The PasswordSafe project also produces a Java variant "PasswordSafeSWT"
that seems to run well enough on OSX. It may be a large assumption, but
one would hopefully be able to presume that one group could produce two
viable variants, albeit in different ...
Re: password safes for mac
Sun, 28 Jun 2009 20:43:00 +0000
Bill Frantz writes:
> perry@piermont.com (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
>
>>It has problems. Among other things, it only mlocks your session key
>>itself into memory, leaving both the AES key schedule (oops!) and the
>>decrypted data (oops!) pageable into swap. (Why bother mlocking the text
>>of the key if you're not going to lock the key schedule?)
>
> You ...
Re: password safes for mac
Sun, 28 Jun 2009 20:42:00 +0000
Jon Callas writes:
> On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
>> Does anyone have a recommended encrypted password storage program for
>> the mac?
>
> I would recommend the built-in keychain for anything that it works with.
There are some things it doesn't work with that are of interest here.
Perry
Re: password safes for mac
Sun, 28 Jun 2009 20:05:00 +0000
On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
> Does anyone have a recommended encrypted password storage program for
> the mac?
System applications and non-broken 3rd party applications on OS X store credentials in Keychain, which is a system facility for keeping secrets. Your user keychain is encrypted with your login password, and items in it have application-level ACLs ("this ...
Re: password safes for mac
Sun, 28 Jun 2009 20:02:00 +0000
perry@piermont.com (Perry E. Metzger) on Sunday, June 28, 2009 wrote:
>It has problems. Among other things, it only mlocks your session key
>itself into memory, leaving both the AES key schedule (oops!) and the
>decrypted data (oops!) pageable into swap. (Why bother mlocking the text
>of the key if you're not going to lock the key schedule?)
You should probably use the encrypted swap feature on the ...
Re: password safes for mac
Sun, 28 Jun 2009 19:53:00 +0000
On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
>
> Does anyone have a recommended encrypted password storage program for
> the mac?
>
I would recommend the built-in keychain for anything that it works with.
Jon
Re: password safes for mac
Sun, 28 Jun 2009 19:15:00 +0000
Thorsten Holz writes:
> On 28.06.2009, at 20:34, Perry E. Metzger wrote:
>> The fact that it isn't open source worries me a bit -- it means I
>> can't
>> verify that it does things correctly. Also, it integrates heavily with
>> lots of things, which makes me further worry about bugs. I'm looking
>> for
>> something very simple if possible.
>
> KeePassX (http:// ...