On Mon, Apr 11, 2005 at 10:38:40AM +0100, Steve Simon wrote:
> I want to backup my secstore on other machines, and
> he 9grid nodes seem the obvious place. I trust
> the 9grid adminstrators as far as I can (I have never met them),
> but in the general case, how secure is the secstore from
> a dictionary attack by bootes?
> 
> I have read the text on secstore in /sys/doc/auth.ps but I
> don't feel qualified to make a decision.
> 
> Any security experts out there?
> 
> -Steve

First: I don't claim to be a security expert :)

The algorithms used are similar enough to those used in other
systems (that have been used for a good while and are currently
considered secure) for me to feel comfortable with it. Keys are
stored with Rijndael+CBC, so birthday attacks aren't going to be
likely either.

I think that you'd need to be more worried about transmitting
keys over plain text protocols. You will never be protected
against dictionary attacks by one who has access to the keys in
their encrypted form, but the PAK protocol used in secstore
``prevents dictionary attacks on the password by passive
wiretappers or active intermediaries'' (i.e. active or passive
third parties).

If you choose strong passwords (passphrases are good these
days), dictionary attacks should be infeasible. So unless
someone finds a way to access the memory with the decrypted
passphrases (or your password is `moo'), you should feel safe
with the methodology used by factotum / secstore.

--Devon