9fans - fans of the OS Plan 9 from Bell Labs
From: Charles Forsyth <forsyth@terzarima.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] secstore security
Date: Mon, 11 Apr 2005 11:23:44 +0100
Message-ID: <62c26e89073f7a99463c42198cf6dd62@terzarima.net>
In-Reply-To: <20050411100113.GC56515@smp500.sitetronics.com>

i think the question was really about security of
the server not the protocol or client use.
can anyone with access to the secstore
files on the secstore machine, specifically its administrator,
do a dictionary attack on those files?

yes.

if i log in to my secstore as the owner of the secstore files,
i can see the file factotum, and run auth/aescbc -d to decrypt it.
of course, i know my own password in this case, but that answers
the question about the file.

it just emphasises the general importance of choosing (or generating)
good encryption keys. of course, since the server just stores files as provided
by the client, there is nothing to stop the client making the scheme
more elaborate than currently is done for the file `factotum',
and the client could easily use a fancy scheme to generate and recover
a `password', since it never leaves the client.
in short, the security is ultimately limited by client choice,
and that choice is not itself limited by the server or protocol.
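
Added example, not part of the original message and not secstore or aescbc code: one possible client-side scheme of the kind the message alludes to, where the file `password' is regenerated from a memorised passphrase plus a random secret that stays on the client. PBKDF2-HMAC-SHA256, the iteration count, and the names `new_client_secret`, `derive_file_password` and `offline_guess_bits` are assumptions made for illustration.

```python
import hashlib
import math
import secrets

KDF_ITERATIONS = 200_000  # assumption: raise as far as the client can tolerate
SECRET_BYTES = 32


def new_client_secret() -> bytes:
    """Random value generated once and kept only on the client, never stored
    beside the encrypted files on the server."""
    return secrets.token_bytes(SECRET_BYTES)


def derive_file_password(passphrase: str, client_secret: bytes,
                         label: str = "factotum") -> str:
    """Regenerate the password for one stored file.

    The same passphrase, secret and label always give the same password, so
    nothing extra has to be stored on the server. The label keeps passwords
    for different files independent of each other.
    """
    salt = client_secret + b"\x00" + label.encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, KDF_ITERATIONS, dklen=32)
    return key.hex()


def offline_guess_bits(dictionary_size: int, secret_known: bool) -> float:
    """log2 of the work needed to exhaust candidates against a stored file.

    If whoever holds the file also holds the client secret, the cost is one
    full KDF run per dictionary word. Without the secret, the derived 32-byte
    value itself has to be guessed.
    """
    if secret_known:
        return math.log2(dictionary_size * KDF_ITERATIONS)
    return 8.0 * 32


if __name__ == "__main__":
    secret = new_client_secret()  # constructed sample values below
    pw = derive_file_password("correct horse battery staple", secret)
    print("derived password:", pw)
    print("work, secret leaked: 2^%.1f" % offline_guess_bits(10**6, True))
    print("work, secret private: 2^%.0f" % offline_guess_bits(10**6, False))
```

The trade-off is that losing the client secret makes the stored file unrecoverable, so the secret needs its own backup away from the server.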


