lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <218AE73F98E99C4C98AF7D5166AA798E09036FCB@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Sun, 17 Feb 2013 07:29:24 +0000
From: Marsh Ray <maray@...rosoft.com>
To: Jeffrey Goldberg <Jeffrey@...dmark.org>,
	"discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
CC: Peter Gutmann <pgut001@...auckland.ac.nz>
Subject: RE: [PHC] Any "large verifiers" on the panel?

> -----Original Message-----
> 
> I am neither a cryptographer nor a hacker, so forgive me if this question is
> naive. Any asymmetric scheme will require some secret key to be available to
> the legitimate verifier at verification time (right?). And if so, shouldn't we
> expect that the same compromises that would get the password hashes
> would also get at that secret?
> 
> If there is something that I'm missing here, please feel free to point me
> toward what I should be reading.

It doesn't matter that you're not a cryptographer, you're right on the money from a common-sense practical perspective.

Encryption is a device for converting a plaintext secrecy problem into a secret key management problem. Keys are usually much smaller than plaintexts and you can distribute them ahead of time, so this is sometimes a very useful trade to make.

But if you still need the key live and accessible to the online service, you've still got basically the same exposure. HSMs (hardware security modules) are sometimes a good way to keep a secret key and use it too. However, they're still just a computer at heart have to be willing to follow external instructions from on-line systems. For example, Comodo and DigiNotar had their private keys in an HSM and yet the attacker was still able to accomplish his goals by forging requests that the HSM was obliged to obey.

- Marsh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ