Yellow Flag at 🏠 @WPalant@infosec.exchange

@mathew @leip4Ier Unfortunately, the consensus seems to be that nobody wants to enter a secure password on mobile. So whatever solution there is, it has to work with a simple PIN. 🙁

@leip4Ier I doubt that "never update" can realistically work. Even if an enclave is a trivial key/value storage without any own logic, they would at least have to implement the replication mechanism there, likely more. There will be bugs, there will be outdated assumptions and new requirements. One can attempt to keep the update frequency low but completely avoiding updates won't work...

@leip4Ier Of course, the other attack vector would be the enclave software. If I understand the principle correctly, Signal application will accept exactly one enclave identity that it will communicate with. Presumably, the software behind this enclave identity will be open source. Which still leaves two issues: verifying that the enclave identity matches the source and verifying that the source is free of backdoors. Important factors: how much code and how often does it change.

@leip4Ier If that actor is US - yes. If it's some other country, attacking the chip is probably easier for them.

@leip4Ier You don't need Intel's private keys, the private keys extracted from an individual CPU should be sufficient - if these are signed by Intel, these can be used to emulate SGX functionality in that CPU.

@leip4Ier Ah, never mind, it's hardware-supported functionality. Then it might actually be impossible to trick without some really advanced capabilities (such as extracting private keys from a CPU).

@leip4Ier I'd need to read more about SGX, it's a new concept for me. So far I really wonder what can stop software from pretending in order to pass attestation.

@leip4Ier Frankly, I have doubts that they achieved their goal. If we assume an attacker in control of the server (either the org themselves or some hackers), it's hard to prevent numerous parallel connections to the enclave, attempting to bruteforce the PIN.

@leip4Ier The big deal I think is how this relatively short PIN can be sufficient protection. PfP uses a fairly complicated master password to encrypt data uploaded to some server, and it still has to do heavy scrypt operations to make this sufficiently secure. They use Argon2 (presumably with a random salt) which offers a similar level of protection.

Essentially, they store an additional salt via SGX on the server. It's an interesting concept.

Going down the memory lane, I cannot find any mentions of the TSR in question - a russification application which I think was called "gamma" (yes, non-English wasn't trivial back in DOS days). I see mentions of Alfa and Beta, so I'd assume Gamma used to be an improved version.

And - yes, I can totally see how this error message can make someone despair. Crazy enough, I actually remember moving TSRs into high memory. 😀

Fun fact about this older rant by Raymond Chen: often you can search for the error message and identify the anonymized guilty party. Yes, I know many of these games at least by name. https://ptgmedia.pearsoncmg.com/images/9780321440303/samplechapter/Chen_bonus_ch02.pdf

@leip4Ier I doubt that it's easier. I comes "naturally" so there is far less incentive to think about it. And - yes, a culture of self-reflection would be nice. It would solve lots of issues with our society.

@leip4Ier No, as far as the browsers are concerned "example.com" and "example.com." could be two entirely different hosts. Last I checked they won't even share cookies with each other.

And - yes, there are lots of details that developers don't expect simply because these are uncommon. E.g. IP addresses - almost everybody is surprised that "dotted decimals" isn't the only possible IPv4 notation. Or that the trailing dot is legit here as well...

@leip4Ier Neurotypical people don't inherently understand social situations - they merely assume that everybody ticks the same way they do, and they are far more likely to get away with it than neurodiverse people. Real understanding is hard for everybody and very few people even try.

@leip4Ier Not just the users. Lots of sites don't expect it either, so functionality will break. Around ten years ago I even found a bunch of security vulnerabilities based on the trailing dot notation, with modern browsers this should be far less likely however.

Fun fact: one of the most visited articles on my blog is neither particularly insightful nor well-written. But it has "login form" in the title. So some stupid spam bot will continuously attempt to submit its data to it. Dozens of times per day, from different IP addresses.

And - yes, I deployed it on a Friday afternoon. Compared to the dangers of going outside, that's nothing right now... 😀

Now I finally found the time to look into better options and #MemE theme is great! It was still a quite significant time investment, and I helped iron out a bunch of theme issues while at it, but my blog is looking way better now.

I switched my blog to #Hugo a year ago but haven't really been using its full potential so far. At the time, migrating the content from #Textpattern was already challenge enough. I realized how complex Hugo themes were and opted for a quick & dirty copy of the Textpattern theme.