Going over your points:
- Yes, I should select some other slow hash function. Do you have a
suggestion for a secure function available in python?
- It is less random. That is why it is popped.
- It really doesn't matter if some names have a tiny bit lower
probability of getting selected. Much more useful would be to add more
names.
- Now you're just trolling. The username suffix is indeed not random,
but derived like the rest of the credentials.
- Yes, in python you do not have control over memory like you have in C.
Maybe the comments should have been formulated to look less scary? As I
pointed out in the code, I indeed need another slow hash function. I'm
on it.
R.
On 13/05/14 15:28, jvoisin wrote:
> On 05/13/2014 03:17 PM, Rémi wrote:
>> Good suggestion.
>>
>> I added the following text to the repository:
>>
>> Goldfish is unlocked using 1.000.000 rounds of sha512, which takes ~1.5
>> seconds in python. The hash rounds are not meant to replace an actual
>> strong password, so the password should be about as strong as your
>> truecrypt password.
>> A danger is that the root password would be guessed. It is also not
>> obvious how to change a password. If a service provider has the
>> username/password pair this does not give away anything about other
>> credentials.
>>
>> Obfuscation.
>> The usernames are designed to 'look real'. They are derived from common
>> western names with an added suffix. The service passwords and username
>> suffixes vary in length to further obfuscate that Goldfish is used.
>> If someone really wants to they could figure out that a set of
>> credentials was likely generated using Goldfish. This should not
>> directly be obvious, certainly not by just looking at the username.
>>
>> R.
>
> A quick glance at your code tells me that I don't want to use this
> software at all.
>
> - "My own implementation of a slow hash function." : Why are you
> inventing your own crypto ?
>
> - "# Pop the first number because it is probably less random." :
> Probably less random ?!
>
> - "# Yes, I know how this affects the name distribution." : Why
> admitting that your distribution is flawed instead of fixing it ?!
>
> - """" Given some information it looks up the correct username and
> appends some random data """" : This is wrong, the appended data is not
> random at all.
>
> - Your lock/unlock system has no control over the memory of the process.
>
> - ...
>
> You may want to read some papers about cryptography before creating this
> kind of softwares.
>>
>>
>> On 13/05/14 12:09, intrigeri wrote:
>>> Hi Rémi,
>>>
>>> Rémi wrote (12 May 2014 09:48:13 GMT) :
>>>> I wrote an ephemeral password manager, for privacy and anonymity.
>>>> The idea is that you use a root password to deterministically generate
>>>> credentials, so no need to store the credentials.
>>>
>>> Thanks for this suggestion.
>>>
>>> Just curious: is there any threat model description, and security
>>> analysis of the underlying password generation algorithm, to be
>>> found somewhere?
>>>
>>> Cheers,
>>>
>> _______________________________________________
>> Tails-dev mailing list
>> Tails-dev@???
>> https://mailman.boum.org/listinfo/tails-dev
>> To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@???.
>>
>
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@???.
>