#Signal announced cloud-based backups a month ago, so I am late to the party. Still, I wanted to write down some notes on why 4-digit PINs aren't going to provide real security, no matter how hard one tries.
Thanks to @leip4Ier for bringing this topic to my attention.
https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/
Starting with Chrome 80, its sync functionality will encrypt your data properly - as long as you set a passphrase. This still isn't the default however.
Firefox Sync's design has been better from the start. No progress here unfortunately. #crypto #appsec
https://palant.info/2018/03/13/can-chrome-sync-or-firefox-sync-be-trusted-with-sensitive-data/
I updated two articles from 2018 with newer info. #Firefox and #Thunderbird improved local password protection as of version 72. For my taste, 10,000 iterations are still too low, but it should be enough for strong passwords. #crypto #appsec
https://palant.info/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother/
Came across this wonderful web-only password manager today. Sure, security-wise that's an inherently flawed combination. But their security bullshit is soooo charming... #crypto #passwords
Looking at a password manager performing XOR-based obfuscation on some values (e.g. user names) before encryption. Guesses so far: avoiding plaintext in memory and outdated work-around for ECB-based encryption. Neither makes sense given the implementation. 🤯 #crypto
I tried producing some useful instructions for less experienced people to recognize flaws in password managers. Let me know whether it worked!
#infosec #crypto #passwords #bugbounty #bugbountytip
https://palant.de/2019/08/12/recognizing-basic-security-flaws-in-local-password-managers/
And #email is indeed beyond saving; I don't see secure communication over email ever happening. There is no way around establishing new protocols for encrypted communication, e.g. #Signal.
https://palant.de/2018/11/12/as-far-as-i-m-concerned-email-signing-encryption-is-dead/
So here you have the full picture now: #PGP doesn't work and never will. Stop recommending it, stop organizing key signing parties, you aren't helping anybody by doing that. Just put it in the grave instead.
Ok, calling it a week. Six #RememBear issues reported so far, and I haven't even started with the encryption yet. #infosec #passwords #crypto
https://infosec.exchange/users/WPalant/statuses/101896912427047204
Found a PBKDF2 call in #RememBear with horribly bad parameters. Then realized that it was merely importing passwords from #Chrome. And last year I actually investigated myself how badly these are protected. #infosec #crypto
https://palant.de/2018/03/13/can-chrome-sync-or-firefox-sync-be-trusted-with-sensitive-data/
I think that now I also understand what the OtpKeyProv plugin for #KeePass is doing. The scheme is very similar to what I saw in the KeeChallenge plugin, but it's supposed to work with any hardware token supporting the OATH HOTP standard.
He didn't check how they derive the encryption key from your password, so I took a quick look. Apparently, #7zip uses PBKDF2-HMAC-SHA1 with 1000 iterations (hardcoded). In other words, even with the rest of it all implemented flawlessly, you had better choose a damn strong password if file encryption is to be of any use.
Michal Stanek over at Twitter did a quick look at the crypto behind #7zip file encryption. Not entirely surprisingly, what he found wasn't pleasant:
I wanted to see what "Serious Cryptography" has to say on the topic of key derivation. Yet while it refers to key derivation on a number of occasions, the common pitfalls don't seem to be worth a footnote.
Is there any #crypto book dealing with this topic properly?
"Lastly: designers can trade flexibility for reduced complexity, and that’s usually a win. For instance, a crypto protocol can (and often should) hardcode parameters rather than negotiating them."
Nice to see this said so clearly.
https://sockpuppet.org/blog/2013/07/22/applied-practical-cryptography/
Found another #LastPass vulnerability allowing their server to decrypt users' passwords. Sent a report; from experience it will take a while until I can disclose the details. #infosec #security #passwords #crypto
Just because you can avoid sending passwords as cleartext doesn't mean that you should. Yes, this is somewhat counterintuitive. #infosec #crypto #webcrypto #security
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant