[Cryptography] In the latest unexpected ransomware twist ...

Phillip Hallam-Baker phill at hallambaker.com
Mon Jun 14 01:48:49 EDT 2021


On Sun, Jun 13, 2021 at 11:13 PM Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Nabil Alsharif <blit32 at circuitsofimagination.com> writes:
>
> >There is no reason my email client (or anything other than my ssh client)
> >should have access to my ssh keys unless I explicitly authorize that access.
> >
> >I can't say much about the design of Mac OS or iOS because I don't know much
> >about them
>
> The Apple keychain is permissioned so you can allow only one app, or group of
> apps, access to a particular set of credentials via entitlements.  There's
> also conditional access, e.g. under certain circumstances, once-only after
> user approval, and so on.  It's really quite well done.
>

And Windows has key stores that are unlocked using the user's login
password.

Linux seems to have six options that might be installed but none that MUST
be installed.

The problem though is that all three major platforms are trying to compete
on security. And that is always a mistake. If keystores are going to be
reliably useful, there has to be a cross-platform common interface.
Preferably arrived at by leveling up, not down.