Going over your points:

- Yes, I should select some other slow hash function. Do you have a suggestion for a secure function available in Python?
- It is less random. That is why it is popped.
- It really doesn't matter if some names have a tiny bit lower probability of getting selected. Much more useful would be to add more names.
- Now you're just trolling. The username suffix is indeed not random, but derived like the rest of the credentials.
- Yes, in Python you do not have control over memory like you have in C.

Maybe the comments should have been formulated to look less scary? As I pointed out in the code, I indeed need another slow hash function. I'm on it.

R.

On 13/05/14 15:28, jvoisin wrote:
> On 05/13/2014 03:17 PM, Rémi wrote:
>> Good suggestion.
>>
>> I added the following text to the repository:
>>
>> Goldfish is unlocked using 1.000.000 rounds of sha512, which takes ~1.5
>> seconds in Python. The hash rounds are not meant to replace an actual
>> strong password, so the password should be about as strong as your
>> TrueCrypt password.
>> A danger is that the root password would be guessed. It is also not
>> obvious how to change a password. If a service provider has the
>> username/password pair this does not give away anything about other
>> credentials.
>>
>> Obfuscation.
>> The usernames are designed to 'look real'. They are derived from common
>> western names with an added suffix. The service passwords and username
>> suffixes vary in length to further obfuscate that Goldfish is used.
>> If someone really wants to they could figure out that a set of
>> credentials was likely generated using Goldfish. This should not
>> directly be obvious, certainly not by just looking at the username.
>>
>> R.
>
> A quick glance at your code tells me that I don't want to use this
> software at all.
>
> - "My own implementation of a slow hash function." : Why are you
> inventing your own crypto?
>
> - "# Pop the first number because it is probably less random." :
> Probably less random?!
>
> - "# Yes, I know how this affects the name distribution." : Why
> admit that your distribution is flawed instead of fixing it?!
>
> - """" Given some information it looks up the correct username and
> appends some random data """" : This is wrong, the appended data is not
> random at all.
>
> - Your lock/unlock system has no control over the memory of the process.
>
> - ...
>
> You may want to read some papers about cryptography before creating this
> kind of software.
>>
>>
>> On 13/05/14 12:09, intrigeri wrote:
>>> Hi Rémi,
>>>
>>> Rémi wrote (12 May 2014 09:48:13 GMT) :
>>>> I wrote an ephemeral password manager, for privacy and anonymity.
>>>> The idea is that you use a root password to deterministically generate
>>>> credentials, so no need to store the credentials.
>>>
>>> Thanks for this suggestion.
>>>
>>> Just curious: is there any threat model description, and security
>>> analysis of the underlying password generation algorithm, to be
>>> found somewhere?
>>>
>>> Cheers,
>>>
>> _______________________________________________
>> Tails-dev mailing list
>> [email protected]
>> https://mailman.boum.org/listinfo/tails-dev
>> To unsubscribe from this list, send an empty email to
>> [email protected].
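
The two technical points raised in this thread (a standard slow hash instead of a hand-rolled one, and name selection without a skewed distribution) can be sketched as follows. This is an added example, not part of the original messages and not Goldfish's code; the name list, salt, iteration count, label format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import string

NAMES = ["alice", "bruno", "carla", "david", "elena", "felix", "greta"]  # constructed sample
ALPHABET = string.ascii_letters + string.digits

def unlock(root_password, salt=b"example-salt", iterations=200_000):
    """Slow step: stdlib PBKDF2-HMAC-SHA512 instead of a hand-rolled hash loop.
    The salt and iteration count are assumptions for this sketch."""
    return hashlib.pbkdf2_hmac("sha512", root_password.encode(), salt, iterations)

def stream(master, label):
    """Deterministic byte stream: HMAC-SHA512(master, label || counter)."""
    counter = 0
    while True:
        block = label.encode() + counter.to_bytes(4, "big")
        yield from hmac.new(master, block, hashlib.sha512).digest()
        counter += 1

def uniform(byte_iter, n):
    """Pick 0..n-1 (n <= 65536) by rejection sampling: 16-bit values at or above
    the largest multiple of n are discarded, so no index is favoured."""
    limit = 65536 - (65536 % n)
    while True:
        value = (next(byte_iter) << 8) | next(byte_iter)
        if value < limit:
            return value % n

def credentials(master, service):
    """Derive (username, password) for one service; nothing here is random,
    everything is a function of the master key and the service label."""
    s = stream(master, "service:" + service)
    suffix_len = 2 + uniform(s, 3)        # 2..4 digits
    password_len = 16 + uniform(s, 5)     # 16..20 characters
    username = NAMES[uniform(s, len(NAMES))]
    username += "".join(str(uniform(s, 10)) for _ in range(suffix_len))
    password = "".join(ALPHABET[uniform(s, len(ALPHABET))] for _ in range(password_len))
    return username, password

if __name__ == "__main__":
    key = unlock("correct horse battery staple")  # constructed sample password
    print(credentials(key, "example.org"))
```

Because each service gets its own HMAC label, a provider holding one username/password pair learns nothing about the others without the master key, which matches the property claimed in the quoted repository text.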
