
AW: [Issue 4145] Master passphrase and encrypted credentials cache

From: Markus Schaber <m.schaber_at_3s-software.com>
Date: Tue, 27 Mar 2012 16:45:35 +0000

Hi, Greg,

Von: Greg Stein [mailto:gstein_at_gmail.com]
> On Tue, Mar 27, 2012 at 12:23, Markus Schaber <m.schaber_at_3s-software.com> wrote:
> > Von: Greg Stein [mailto:gstein_at_gmail.com]
> >> On Mar 27, 2012 12:55 AM, "Daniel Shahaf" <d.s_at_daniel.shahaf.name> wrote:
> >> >...
> >> > > On 27.03.2012 05:23, Greg Stein wrote:
> >> > > >...
> >> > > > While discussing this on IRC some, I did think of one case
> >> > > > where you want to know they got the correct master passphrase:
> >> > > > when they are updating a server's password. A mis-entry could
> >> > > > completely garble the stored/encrypted contents.
> >> >
> >> > Don't we have some other ways of addressing that use-case? Such as,
> >> > say, encrypting a random string, and at decryption time comparing the
> >> > decrypted text's sha1 to the value computed at encryption time?
> >
> >> There ya go. I knew we could tease out a solution. That sounds good to me.
> >> So, for each password, we store two more 16-byte blocks of encrypted data, and a SHA1 hash (20 bytes). At decrypt time, we also decrypt those blocks, hash the 32 byte result, and compare against the hash.
> >> I would also suggest that we append those two blocks to the padded password, so they get the advantage of CBC, without needing to pick a second IV.
> >
> > I know I'm supposed to shut up,
>
> You don't have to shut up... I'd just prefer that you don't patronize me.

Sorry, I never wanted to patronize anyone.

It seems I had just seen too much do-it-yourself "crypto", so all alarm bells start ringing when someone talks about implementing something in that area instead of using a proven existing solution.

> > but AFAICS, this design does not prevent the offline dictionary attacks mentioned by Greg Hudson.
>
> Through the use of PBKDF2 to generate the per-password crypt keys, the
> offline attacks will become computationally expensive.

That's a good point.

Best regards

Markus Schaber

-- 
___________________________
We software Automation.
3S-Smart Software Solutions GmbH
Markus Schaber | Developer
Memminger Str. 151 | 87439 Kempten | Germany | Tel. +49-831-54031-0 | Fax +49-831-54031-50
Email: m.schaber@3s-software.com | Web: http://www.3s-software.com 
CoDeSys internet forum: http://forum.3s-software.com
Download CoDeSys sample projects: http://www.3s-software.com/index.shtml?sample_projects
Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade register: Kempten HRB 6186 | Tax ID No.: DE 167014915 
Received on 2012-03-27 18:46:17 CEST

This is an archived mail posted to the Subversion Dev mailing list.
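The scheme discussed in the quoted thread (padded password followed by two random 16-byte blocks under one CBC chain and IV, SHA-1 of those 32 plaintext bytes stored as the master-passphrase check, and a PBKDF2-derived key per stored password), as an added Go example; it is not code from this thread or from Subversion. It assumes AES-256-CBC with PKCS#7 padding, PBKDF2-HMAC-SHA256 at 10000 iterations with a 16-byte salt per record, and the names Record, Seal, Open and deriveKey are mine.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
)
// Record is what the cache persists per password; Check is SHA-1 of the two random probe blocks.
type Record struct{ Salt, IV, Ciphertext []byte; Check [sha1.Size]byte }
var ErrBadPassphrase = errors.New("master passphrase check failed")
// deriveKey is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte block, written out here only
// to avoid a third-party package; the 10000 iterations are what make offline guessing expensive.
func deriveKey(master, salt []byte) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	t := append([]byte{}, u...)
	for i := 1; i < 10000; i++ {
		mac.Reset(); mac.Write(u); u = mac.Sum(nil)
		for j := range t { t[j] ^= u[j] }
	}
	return t
}
// Seal appends two random 16-byte probe blocks to the padded password (same CBC chain and IV) and stores SHA-1(probe).
func Seal(master, pw []byte) (Record, error) {
	rnd := make([]byte, 64) // salt || IV || two probe blocks, all fresh per record
	if _, err := rand.Read(rnd); err != nil { return Record{}, err }
	salt, iv, probe := rnd[:16], rnd[16:32], rnd[32:]
	pad := aes.BlockSize - len(pw)%aes.BlockSize
	plain := append(append(append([]byte{}, pw...), bytes.Repeat([]byte{byte(pad)}, pad)...), probe...)
	block, _ := aes.NewCipher(deriveKey(master, salt)) // 32-byte key: cannot fail
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(plain, plain) // encrypt in place
	return Record{salt, iv, plain, sha1.Sum(probe)}, nil
}
// Open returns ErrBadPassphrase, not garbled bytes, when the probe blocks fail the check (passphrase mistyped).
func Open(master []byte, r Record) ([]byte, error) {
	n := len(r.Ciphertext) - 2*aes.BlockSize
	if n < aes.BlockSize || n%aes.BlockSize != 0 { return nil, errors.New("malformed record") }
	block, _ := aes.NewCipher(deriveKey(master, r.Salt))
	plain := make([]byte, len(r.Ciphertext))
	cipher.NewCBCDecrypter(block, r.IV).CryptBlocks(plain, r.Ciphertext)
	sum := sha1.Sum(plain[n:])
	if !hmac.Equal(sum[:], r.Check[:]) { return nil, ErrBadPassphrase } // constant-time compare
	return plain[:n-int(plain[n-1])], nil // strip PKCS#7 padding
}
```

Because the check value is a hash of 32 random bytes rather than of the password or key, it leaks nothing beyond "right or wrong passphrase", and each guess still has to pay the full PBKDF2 cost before the check can be evaluated.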