Yellow Flag @WPalant@infosec.exchange

#Signal announced cloud-based backups a month ago, so I am late to the party. Still, I wanted to write down some notes on why 4 digit PINs aren't going to provide real security, no matter how hard one tries.

Thanks to @leip4Ier for bringing this topic to my attention.

#crypto #infosec #sgx

https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/

Starting with Chrome 80, its sync functionality will encrypt your data properly - as long as you set a passphrase. This still isn't the default however.

Firefox Sync design has been better from the start. No progress here unfortunately. #crypto #appsec

https://palant.info/2018/03/13/can-chrome-sync-or-firefox-sync-be-trusted-with-sensitive-data/

I updated two articles from 2018 with newer info. #Firefox and #Thunderbird improved local password protection as of version 72. For my taste, 10,000 iterations are still too low, but it should be enough for strong passwords. #crypto #appsec

https://palant.info/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother/

Came across this wonderful web-only password manager today. Sure, security-wise that's an inherently flawed combination. But their security bullshit is soooo charming... #crypto #passwords

Looking at a password manager performing XOR-based obfuscation on some values (e.g. user names) before encryption. Guesses so far: avoiding plaintext in memory and outdated work-around for ECB-based encryption. Neither makes sense given the implementation. 🤯 #crypto

I tried producing some useful instructions for less experienced people to recognize flaws in password managers. Let me know whether it worked!

#infosec #crypto #passwords #bugbounty #bugbountytip

https://palant.de/2019/08/12/recognizing-basic-security-flaws-in-local-password-managers/

And #email is indeed beyond saving, I don't see secure communication over email to happen, ever. No way around establishing new protocols for encrypted communication, e.g. #Signal.

#crypto #infosec

https://palant.de/2018/11/12/as-far-as-i-m-concerned-email-signing-encryption-is-dead/

The scary thing: some products in need of #crypto such as password managers are being built on top of #PGP because that's supposedly easier to get right. But it's not. Looking at #Passbolt for example, there are definitely better way to do public key crypto.

#infosec

So here you have the full picture now: #PGP doesn't work and never will. Stop recommending it, stop organizing key signing parties, you aren't helping anybody doing that. Just put it to grave instead.

#RIPPGP #crypto #infosec

https://latacora.singles/2019/07/16/the-pgp-problem.html

Ok, calling it a week. Six #RememBear issues reported so far, and I haven't even started with the encryption yet. #infosec #passwords #crypto

https://infosec.exchange/users/WPalant/statuses/101896912427047204

Found a PBKDF2 call in #RememBear with horribly bad parameters. Then realized that it was merely importing passwords from #Chrome. And last year I've actually investigated myself how badly these are protected. #infosec #crypto

https://palant.de/2018/03/13/can-chrome-sync-or-firefox-sync-be-trusted-with-sensitive-data/

I think that now I also understand what OtpKeyProv plugin for #KeePass is doing. The scheme is very similar to what I saw in the KeeChallenge plugin, but it's supposed to work with any hardware token supporting OATH HOTP standard.

#crypto #passwords

On my thread yesterday, @radoslawbiernac@twitter.com and @3lbios@twitter.com disagreed with my conclusion. In particular, they pointed me to the KeeChallenge plugin which allows #KeePass to use #YubiKey via an offline challenge-response scheme.

#crypto #passwords

https://infosec.exchange/@WPalant/101782751351542399

I am once again thinking about how a hardware token like #YubiKey could be made useful in an offline password manager such as my #PfP. On the first glance, it's a good way to add entropy to the master password, so even a weak master password won't be bruteforced. #infosec #crypto

He didn't check how they derive the encryption key from your password, so I took a quick look. Apparently, #7zip uses PBKDF2-HMAC-SHA1 with 1000 iterations (hardcoded). In other words, even with the rest of it all implemented flawlessly you better choose a damn strong password if file encryption should be of any use.

#crypto #cryptofail

Michal Stanek over at Twitter did a quick look at the crypto behind #7zip file encryption. Not entirely surprisingly, what he found wasn't pleasant:

https://twitter.com/3lbios/status/1087848040583626753

#crypto #cryptofail

I wanted to see what "Serious Cryptography" has to say on the topic of key derivation. Yet while it refers to key derivation on a number of occasions, the common pitfalls don't seem to be worth a footnote.

Is there any #crypto book dealing with this topic properly?

"Lastly: designers can trade flexibility for reduced complexity, and that’s usually a win. For instance, a crypto protocol can (and often should) hardcode parameters rather than negotiating them."

Nice to see this said so clearly.

https://sockpuppet.org/blog/2013/07/22/applied-practical-cryptography/

#crypto #infosec

Found another #LastPass vulnerability allowing their server to decrypt user's passwords. Sent a report, from experience it will take a while until I can disclose the details. #infosec #security #passwords #crypto

Just because you can avoid sending passwords as clear text, doesn't mean that you should. Yes, this is somewhat counterintuitive. #infosec #crypto #webcrypto #security

https://palant.de/2018/10/25/should-your-next-web-based-login-form-avoid-sending-passwords-in-clear-text