#Signal announced cloud-based backups a month ago, so I am late to the party. Still, I wanted to write down some notes on why 4-digit PINs aren't going to provide real security, no matter how hard one tries.
Thanks to @leip4Ier for bringing this topic to my attention.
Starting with Chrome 80, its sync functionality will encrypt your data properly - as long as you set a passphrase. This still isn't the default, however.
I updated two articles from 2018 with newer info. #Firefox and #Thunderbird improved local password protection as of version 72. For my taste, 10,000 iterations are still too low, but it should be enough for strong passwords. #crypto #appsec
Looking at a password manager performing XOR-based obfuscation on some values (e.g. user names) before encryption. Guesses so far: avoiding plaintext in memory and outdated work-around for ECB-based encryption. Neither makes sense given the implementation. 🤯 #crypto
So here you have the full picture now: #PGP doesn't work and never will. Stop recommending it, stop organizing key signing parties, you aren't helping anybody doing that. Just put it in the grave instead.
Found a PBKDF2 call in #RememBear with horribly bad parameters. Then realized that it was merely importing passwords from #Chrome. And last year I actually investigated myself how badly these are protected. #infosec #crypto
On my thread yesterday, @firstname.lastname@example.org and @email@example.com disagreed with my conclusion. In particular, they pointed me to the KeeChallenge plugin which allows #KeePass to use #YubiKey via an offline challenge-response scheme.
He didn't check how they derive the encryption key from your password, so I took a quick look. Apparently, #7zip uses PBKDF2-HMAC-SHA1 with 1000 iterations (hardcoded). In other words, even with the rest of it all implemented flawlessly you better choose a damn strong password if file encryption should be of any use.
Michal Stanek over at Twitter did a quick look at the crypto behind #7zip file encryption. Not entirely surprisingly, what he found wasn't pleasant:
I wanted to see what "Serious Cryptography" has to say on the topic of key derivation. Yet while it refers to key derivation on a number of occasions, the common pitfalls don't seem to be worth a footnote.
Is there any #crypto book dealing with this topic properly?
"Lastly: designers can trade flexibility for reduced complexity, and that’s usually a win. For instance, a crypto protocol can (and often should) hardcode parameters rather than negotiating them."
Nice to see this said so clearly.
Wladimir Palant, software developer and security researcher, browser extensions expert. He/him
A Mastodon instance for info/cyber security-minded people.