On Sat, 29 Jun 2013, Edward Ned Harvey (lopser) wrote:
> A password key derivation process is absolutely necessary whenever you have
> stored key encrypted by a password. The user types in a password, and the key
> derivation process applies salting and stretching via some hash algorithm (In
> this case, SHA256) to generate the key that is used for encryption/decryption.

In any case, does it really make a difference if the encryption key is the
password stretched or just stored and 'unlocked' in some way by the password?
As long as there is a way to tell if it was the right password or not, all the
attacker needs to do is to attack the password space. They don't have to attack
the stronger key space.
<soap box>
This is especially a problem with software tokens that have a very strong key,
but allow the user to put in a weak password and then can tell the user if the
password they typed was correct before providing a response. This allows an
attacker who can get a copy of the soft token info to brute force the password,
bypassing any lock-outs implemented in the token (by restoring from a backup
every time the soft token locks them out).
If the soft token works in a way that it doesn't know if the password was
correct or not, and always returns a value, requiring interaction with the
server to find out if the value (and therefore the password) was correct, it's
significantly better.
Now, if the attacker gets a keystroke logger on the box to steal the password,
none of this matters.
<soap box>
David Lang
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
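
The two soft-token designs contrasted in the message above, as an added example that is not part of the original thread or any real token product. All names are hypothetical, the XOR wrap of a random seed stands in for unauthenticated encryption, and the passwords and guess list are constructed sample data.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # kept low so the demo runs fast; real KDF settings are far higher

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_token(password: str, seed: bytes, with_check: bool) -> dict:
    """Wrap a random 32-byte seed under the password-derived key."""
    salt = os.urandom(16)
    key = kdf(password, salt)
    blob = {"salt": salt, "wrapped": xor(seed, key)}
    if with_check:  # design 1: the token can tell the user the password was right
        blob["check"] = mac(key, b"password-check")
    return blob

def respond(blob: dict, password: str, challenge: bytes):
    """Token response; None only when a local check exists and fails."""
    key = kdf(password, blob["salt"])
    if "check" in blob and not hmac.compare_digest(blob["check"], mac(key, b"password-check")):
        return None
    # Design 2 reaches here for any password: a wrong key unwraps to a different,
    # equally random-looking seed, so the token always returns a value.
    return mac(xor(blob["wrapped"], key), challenge)

def surviving_guesses(blob: dict, guesses: list) -> list:
    """Guesses that a copy of the token file alone cannot rule out."""
    return [g for g in guesses if respond(blob, g, b"any") is not None]

def server_accepts(seed: bytes, challenge: bytes, response) -> bool:
    return response is not None and hmac.compare_digest(mac(seed, challenge), response)

# Constructed sample data: one seed, the same password on both token designs.
SEED = os.urandom(32)
GUESSES = ["123456", "letmein", "hunter2", "password"]
CHECKED = make_token("hunter2", SEED, with_check=True)
BLIND = make_token("hunter2", SEED, with_check=False)

if __name__ == "__main__":
    print("with local check:", surviving_guesses(CHECKED, GUESSES))
    print("without check:   ", surviving_guesses(BLIND, GUESSES))
```

With the local check, the copied file alone narrows the list to the one correct password; without it every guess survives, and only the server, which can enforce lock-outs, can say which response is valid.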