[Tails-dev] Goldfish the ephemeral password manager.
Hey! I wrote an ephemeral password manager, for privacy and anonymity. The idea is that you use a root password to deterministically generate credentials, so no need to store the credentials. Based on a keyword (e.g. 'twitter', 'truecrypt' or 'yandex') it generates a normal looking username, password for service providers and a much longer encryption password. https://github.com/RemideZ/Goldfish Any feedback or questions are welcome. I'm also curious if this might be useful for tails. -RemideZ. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Goldfish the ephemeral password manager.
Hi Rémi, Rémi wrote (12 May 2014 09:48:13 GMT) : > I wrote an ephemeral password manager, for privacy and anonymity. > The idea is that you use a root password to deterministically generate > credentials, so no need to store the credentials. Thanks for this suggestion. Just curious: is there any threat model description, and security analysis of the underlying password generation algorithm, to be found somewhere? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Goldfish the ephemeral password manager.
Good suggestion. I added the following text to the repository: Goldfish is unlocked using 1.000.000 rounds of sha512, which takes ~1.5 seconds in python. The hash rounds are not meant to replace an actual strong password, so the password should be about as strong as your truecrypt password. A danger is that the root password would be guessed. It is also not obvious how to change a password. If a service provider has the username/password pair this does not give away anything about other credentials. Obfuscation. The usernames are designed to 'look real'. They are derived from common western names with an added suffix. The service passwords and username suffixes vary in length to further obfuscate that Goldfish is used. If someone really wants to they could figure out that a set of credentials was likely generated using Goldfish. This should not directly be obvious, certainly not by just looking at the username. R. On 13/05/14 12:09, intrigeri wrote: > Hi Rémi, > > Rémi wrote (12 May 2014 09:48:13 GMT) : >> I wrote an ephemeral password manager, for privacy and anonymity. >> The idea is that you use a root password to deterministically generate >> credentials, so no need to store the credentials. > > Thanks for this suggestion. > > Just curious: is there any threat model description, and security > analysis of the underlying password generation algorithm, to be > found somewhere? > > Cheers, > ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Goldfish the ephemeral password manager.
On 05/13/2014 03:17 PM, Rémi wrote: > Good suggestion. > > I added the following text to the repository: > > Goldfish is unlocked using 1.000.000 rounds of sha512, which takes ~1.5 > seconds in python. The hash rounds are not meant to replace an actual > strong password, so the password should be about as strong as your > truecrypt password. > A danger is that the root password would be guessed. It is also not > obvious how to change a password. If a service provider has the > username/password pair this does not give away anything about other > credentials. > > Obfuscation. > The usernames are designed to 'look real'. They are derived from common > western names with an added suffix. The service passwords and username > suffixes vary in length to further obfuscate that Goldfish is used. > If someone really wants to they could figure out that a set of > credentials was likely generated using Goldfish. This should not > directly be obvious, certainly not by just looking at the username. > > R. A quick glance at your code tells me that I don't want to use this software at all. - "My own implementation of a slow hash function." : Why are you inventing your own crypto ? - "# Pop the first number because it is probably less random." : Probably less random ?! - "# Yes, I know how this affects the name distribution." : Why admitting that your distribution is flawed instead of fixing it ?! - Given some information it looks up the correct username and appends some random data : This is wrong, the appended data is not random at all. - Your lock/unlock system has no control over the memory of the process. - ... You may want to read some papers about cryptography before creating this kind of softwares. > > > On 13/05/14 12:09, intrigeri wrote: >> Hi Rémi, >> >> Rémi wrote (12 May 2014 09:48:13 GMT) : >>> I wrote an ephemeral password manager, for privacy and anonymity. >>> The idea is that you use a root password to deterministically generate >>> credentials, so no need to store the credentials. >> >> Thanks for this suggestion. >> >> Just curious: is there any threat model description, and security >> analysis of the underlying password generation algorithm, to be >> found somewhere? >> >> Cheers, >> > ___ > Tails-dev mailing list > Tails-dev@boum.org > https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to > tails-dev-unsubscr...@boum.org. > ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Goldfish the ephemeral password manager.
Hi Julien, You didn't Cc Rémi, so I doubt your email reached him. Which might be just as well, as I personally find the tone of your answer out of line, and inappropriate. I don't want to take part in a community where we bully newbies. Let's try to be excellent to each other :) Note that I trust your technical points are probably correct (without checking myself), so it's only a matter of how one expresses criticism about technical issues. jvoisin wrote (13 May 2014 13:28:11 GMT) : > You may want to read some papers about cryptography before creating this > kind of softwares. I'm not sure if academic papers would be the best way to learn this stuff for someone with Rémi's starting point: they are generally full of good theory, but hard to relate to when one tries to implement something actually useful, and lacks the academic background. I think I would instead recommend texts that link more strongly theoretical cryptography knowledge to practical implementation requirements, such as Applied Cryptography, or the Secure Programming Howto. I'd love to hear more suggestions of such readings, by the way. Cheers! ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Goldfish the ephemeral password manager.
Going over your points: - Yes, I should select some other slow hash function. Do you have a suggestion for a secure function available in python? - It is less random. That is why it is popped. - It really doesn't matter if some names have a tiny bit lower probability of getting selected. Much more useful would be to add more names. - Now you're just trolling. The username suffix is indeed not random, but derived like the rest of the credentials. - Yes, in python you do not have control over memory like you have in C. Maybe the comments should have been formulated to look less scary? As I pointed out in the code, I indeed need another slow hash function. I'm on it. R. On 13/05/14 15:28, jvoisin wrote: > On 05/13/2014 03:17 PM, Rémi wrote: >> Good suggestion. >> >> I added the following text to the repository: >> >> Goldfish is unlocked using 1.000.000 rounds of sha512, which takes ~1.5 >> seconds in python. The hash rounds are not meant to replace an actual >> strong password, so the password should be about as strong as your >> truecrypt password. >> A danger is that the root password would be guessed. It is also not >> obvious how to change a password. If a service provider has the >> username/password pair this does not give away anything about other >> credentials. >> >> Obfuscation. >> The usernames are designed to 'look real'. They are derived from common >> western names with an added suffix. The service passwords and username >> suffixes vary in length to further obfuscate that Goldfish is used. >> If someone really wants to they could figure out that a set of >> credentials was likely generated using Goldfish. This should not >> directly be obvious, certainly not by just looking at the username. >> >> R. > > A quick glance at your code tells me that I don't want to use this > software at all. > > - "My own implementation of a slow hash function." : Why are you > inventing your own crypto ? > > - "# Pop the first number because it is probably less random." : > Probably less random ?! > > - "# Yes, I know how this affects the name distribution." : Why > admitting that your distribution is flawed instead of fixing it ?! > > - Given some information it looks up the correct username and > appends some random data : This is wrong, the appended data is not > random at all. > > - Your lock/unlock system has no control over the memory of the process. > > - ... > > You may want to read some papers about cryptography before creating this > kind of softwares. >> >> >> On 13/05/14 12:09, intrigeri wrote: >>> Hi Rémi, >>> >>> Rémi wrote (12 May 2014 09:48:13 GMT) : I wrote an ephemeral password manager, for privacy and anonymity. The idea is that you use a root password to deterministically generate credentials, so no need to store the credentials. >>> >>> Thanks for this suggestion. >>> >>> Just curious: is there any threat model description, and security >>> analysis of the underlying password generation algorithm, to be >>> found somewhere? >>> >>> Cheers, >>> >> ___ >> Tails-dev mailing list >> Tails-dev@boum.org >> https://mailman.boum.org/listinfo/tails-dev >> To unsubscribe from this list, send an empty email to >> tails-dev-unsubscr...@boum.org. >> > > ___ > Tails-dev mailing list > Tails-dev@boum.org > https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to > tails-dev-unsubscr...@boum.org. > ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Goldfish the ephemeral password manager.
By that I mean the comments in my own code. On 13/05/14 15:58, Rémi wrote: > Maybe the comments should have been formulated to look less scary? ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Goldfish the ephemeral password manager.
On 05/13/2014 03:58 PM, Rémi wrote: > Going over your points: > > - Yes, I should select some other slow hash function. Do you have a > suggestion for a secure function available in python? Currently, Python doesn't come with those kind of function. > > - It is less random. That is why it is popped. Then you should update the comment :) > > - It really doesn't matter if some names have a tiny bit lower > probability of getting selected. Much more useful would be to add more > names. > > - Now you're just trolling. The username suffix is indeed not random, > but derived like the rest of the credentials. Then it shouldn't be described as random :) > > - Yes, in python you do not have control over memory like you have in C. This is why those kind of tools should not be written in Python: - You don't have control over memory - You can't guarantee that your code can run in constant time. > > Maybe the comments should have been formulated to look less scary? As I > pointed out in the code, I indeed need another slow hash function. I'm > on it. Yes. Sorry for the harsh tone :| The idea of deriving passwords from a master is not knew. What about using something like HMAC for this ? > > R. > > > On 13/05/14 15:28, jvoisin wrote: >> On 05/13/2014 03:17 PM, Rémi wrote: >>> Good suggestion. >>> >>> I added the following text to the repository: >>> >>> Goldfish is unlocked using 1.000.000 rounds of sha512, which takes ~1.5 >>> seconds in python. The hash rounds are not meant to replace an actual >>> strong password, so the password should be about as strong as your >>> truecrypt password. >>> A danger is that the root password would be guessed. It is also not >>> obvious how to change a password. If a service provider has the >>> username/password pair this does not give away anything about other >>> credentials. >>> >>> Obfuscation. >>> The usernames are designed to 'look real'. They are derived from common >>> western names with an added suffix. The service passwords and username >>> suffixes vary in length to further obfuscate that Goldfish is used. >>> If someone really wants to they could figure out that a set of >>> credentials was likely generated using Goldfish. This should not >>> directly be obvious, certainly not by just looking at the username. >>> >>> R. >> >> A quick glance at your code tells me that I don't want to use this >> software at all. >> >> - "My own implementation of a slow hash function." : Why are you >> inventing your own crypto ? >> >> - "# Pop the first number because it is probably less random." : >> Probably less random ?! >> >> - "# Yes, I know how this affects the name distribution." : Why >> admitting that your distribution is flawed instead of fixing it ?! >> >> - Given some information it looks up the correct username and >> appends some random data : This is wrong, the appended data is not >> random at all. >> >> - Your lock/unlock system has no control over the memory of the process. >> >> - ... >> >> You may want to read some papers about cryptography before creating this >> kind of softwares. >>> >>> >>> On 13/05/14 12:09, intrigeri wrote: Hi Rémi, Rémi wrote (12 May 2014 09:48:13 GMT) : > I wrote an ephemeral password manager, for privacy and anonymity. > The idea is that you use a root password to deterministically generate > credentials, so no need to store the credentials. Thanks for this suggestion. Just curious: is there any threat model description, and security analysis of the underlying password generation algorithm, to be found somewhere? Cheers, >>> ___ >>> Tails-dev mailing list >>> Tails-dev@boum.org >>> https://mailman.boum.org/listinfo/tails-dev >>> To unsubscribe from this list, send an empty email to >>> tails-dev-unsubscr...@boum.org. >>> >> >> ___ >> Tails-dev mailing list >> Tails-dev@boum.org >> https://mailman.boum.org/listinfo/tails-dev >> To unsubscribe from this list, send an empty email to >> tails-dev-unsubscr...@boum.org. >> > ___ > Tails-dev mailing list > Tails-dev@boum.org > https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to > tails-dev-unsubscr...@boum.org. > ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
