[Cryptography] Low-tech password safe was: Passwords (Smallest feasible work factor today?
Ralf Senderek
crypto at senderek.ie
Fri Sep 16 04:43:20 EDT 2022
In order to design the best electronic password safe, IMHO privilege
separation is an essential ingredient, although not the only one.
Of course there is an attack surface on such a thing as the latest
report of Linux malware
https://arstechnica.com/information-technology/2022/09/new-linux-malware-combines-unusual-stealth-with-a-full-suite-of-capabilities/
shows. Such code that starts as a few bytes executed in memory with no
trace in the filesystem gains its full destructive force when a
privilege separation vulnerability is exploited. We'll see more of
this in future. But this does not mean we must give up on the attempt
to secure passwords on the electronic device.
It might as well mean that we need to add an external device to the
mix to ensure that manual actions on such a device are necessary to
enable the use of stored passwords. So I'd like to ask people on
the list who might have experience of using external security devices
(like for example the YubiKey, or similar) to share their experience
in order to integrate this into the best electronic password safe
solution.
--ralf