Protecting signing key
roam at ringlet.net
Wed Aug 3 11:29:35 CEST 2005
On Tue, Aug 02, 2005 at 05:48:39PM -0500, Ryan Malayter wrote:
> That said, everything I've read indicates that the encrypting file
> system (EFS) in Windows 2000+ is reasonably well implemented. However,
> the user's password is still the weak link, as it is used to protect
> the private key that EFS needs for decryption.
> Because you can get the hash of this password from the disk in some
> way (you always have to be able to, otherwise you could not
> authenticate), the password is the weak link.
I can't speak about EFS, since I'm not familiar with it at all, but that
statement does not have to be necessarily true. You *can* get by
without storing even a hash of the password on the disk, and it's
actually pretty easy - just encrypt a known-plaintext magic sequence of
bytes using a key derived from the password and store the encrypted
result. There is also the possibility of generating a random magic
sequence and storing that on the disk in plaintext, too, thus "salting"
the authentication in a different way every time.

Okay, so, come to think of it, this could be called hashing in a way,
and it is still vulnerable to dictionary attacks on the password.
Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
"yields falsehood, when appended to its quotation." yields falsehood, when appended to its quotation.
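
Added example, not part of the original post: a sketch of the scheme described in the reply above, using the random-magic variant, plus the caveat from its last paragraph that the stored record still lets guesses be tested offline. Assumptions not in the post: PBKDF2-HMAC-SHA256 as the key derivation with the magic reused as its salt, an HMAC-SHA256 keystream XOR standing in for a real cipher (Python's standard library has none), and the names enroll, verify and wordlist_hits.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the post does not name a KDF or a cost
MAGIC_LEN = 16        # assumed length of the random magic sequence


def _derive_key(password: str, magic: bytes, iterations: int) -> bytes:
    # Assumption: the plaintext magic doubles as the PBKDF2 salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), magic, iterations)


def _xor_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (stdlib has no AES): XOR with one HMAC-SHA256 keystream
    # block. Encrypting and decrypting are the same operation.
    if len(data) > hashlib.sha256().digest_size:
        raise ValueError("data longer than one keystream block")
    stream = hmac.new(key, b"magic-check", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def enroll(password: str) -> dict:
    """Build the on-disk record: plaintext magic plus its encryption."""
    magic = os.urandom(MAGIC_LEN)
    key = _derive_key(password, magic, ITERATIONS)
    return {"magic": magic, "iterations": ITERATIONS,
            "check": _xor_cipher(key, magic)}


def verify(password: str, record: dict) -> bool:
    """Decrypt the stored value with the candidate key; compare to the magic."""
    key = _derive_key(password, record["magic"], record["iterations"])
    return hmac.compare_digest(_xor_cipher(key, record["check"]), record["magic"])


def wordlist_hits(record: dict, candidates: list) -> list:
    """The post's caveat: the record lets anyone test guesses offline."""
    return [c for c in candidates if verify(c, record)]


if __name__ == "__main__":
    rec = enroll("letmein")  # constructed sample password
    print(verify("letmein", rec), verify("hunter2", rec))
    print(wordlist_hits(rec, ["123456", "letmein", "qwerty"]))
```

The record holds neither the password nor a direct hash of it, yet a weak password falls to the wordlist check all the same; the iteration count is the only thing that raises the cost of each guess.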