These things are substantially harder than one might initially imagine, and it is easy to make mistakes. But unfortunately that isn't enough to design strong system. It is great that everyone and every developer has AES and other strong cryptographic primitives at their finger tips. A single, large, encrypted file is very fragile with respect to data corruption.Įven if you make the right choice with respect to encryption modes, key derivation, memory management etc today, can you keep up with research and developments in how such systems might be broken? Again, with respect to 1Password, we pay very close attention both to the cryptographic literature and to the work being done in the password cracking community. The system needs to be robust against data loss. Can you get this in a "roll-your-own" system? Various keys, IVs, salts, nonces have requirements for cryptographically appropriate random numbers. (I recently gave a presentation at PasswordsCon about a flaw in PBKDF2.) What kind of defenses does a roll-your-own system provide against automated password crackers? Will an attacker be able to test tens of millions of passwords per second or just thousands? Key derivation functions used for this purpose are subtle and tricky things. (1Password, in contract, decrypts only a single item at a time as it is needed.) Here are some:Įncrypting a single large file means that when it is decrypted, all of the decrypted data is resident in memory (and may be swapped, dumped, etc). There are lots of ways a home grown password management system could go wrong. But a house made out of such bricks could still be very weak and fragile if the architecture isn't done right. Think of AES as a very strong and well designed brick that everyone can use. Then products like KeePass also provide some extra features which are not to be despised see the list. You can do it yourself, but it won't be as immediate as slapping together a few OpenSSL-based scripts. Most of existing products is about doing such work. Decrypting the file "in memory" and never letting the data go to the disk can be tricky, especially in the presence of virtual memory.Īll of this amounts to this conclusion: while a file full of passwords, encrypted with AES, can be handy, there are a lot of details to take care of, and that's hard work. Deleting files is not sufficient to ensure data destruction. Last but not least, when you encrypt and/or decrypt a file, you tend to produce temporary files which will be written on the harddisk, with the clear file contents in them. Preferably, some sort of MAC is needed, and combining symmetric encryption and a MAC is a subtle matter. Then, the AES should be used with a mode of operation, which has its own rules (IV selection, padding.). The master password must be converted into an encryption key this is the realm of password hashing and it is not simple. In that sense, they can be compared with "AES" no more than a Fiat 500 is comparable to a lone engine.Įncrypting even a simple file of passwords, with a master password, requires some care. Products like 1Password and KeePass use AES and other algorithms into elaborate constructions which try to ensure confidentiality and integrity of the database of passwords. AES is a block cipher, a mathematical object which alone does not achieve any kind of security. Therefore, the question does not really make sense.Īnd so is yours. The Ferrari engine, however magnificent it may be, is still "just an engine" put it down on a road and it will be no more mobile than a boulder. Which is faster, a Fiat 500 or a V12 Ferrari engine ? The Fiat 500 sure is a rather minimal car.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |