Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] KeePassX



On 07/24/2013 09:56 AM, Edward Ned Harvey (blu) wrote:
> I am a great fan of BioWallet.  You "sign" the screen with your finger.  Your name, a random word, whatever.  It works best for handwritten words, and doesn't work so well for geometric shapes, drawings, patterns.  It performs bioinformatic analysis on your gesture, to either unlock or not unlock the encryption key.

Very interesting.

Of course, to Sajan Parikh's horror, I would want to know more technical 
details about how it works before I would trust it with my digital life.

My immediate worry: It is important to distinguish between a password 
that one can only test by asking some gatekeeper (a gatekeeper that will 
limit how often and quickly you are allowed to make attempts) and an 
encryption key that can be tested in parallel against encrypted data 
that has been duplicated across multiple computers.  A good encryption 
key needs to be of considerable length with a lot of random components.

Put another way using fancier words: An encryption key must have a lot 
of entropy, but if a gatekeeper can be trusted to be in place and 
functioning correctly, a traditional password needs very little entropy.

For example, a cash machine PIN that is only 4-digits long is quite 
secure if you are only allowed a slow few attempts at a time.  But the 
same 4-digits used as an encryption key on exposed data is completely 
worthless.

In this case I wonder about the amount of entropy that could be derived 
from a repeatable Biowallet signing gesture.  It is probably plenty for 
a password (the testing of which can be limited).  But if there is 
anyway a foe can get direct access to encrypted data that is only 
protected by a little entropy, it won't be secure.

I don't know current estimations, but I would use the following 
guidelines for an encryption key:

   32-bits of entropy:          stops a naive individual with a day-job
   80-bits of entropy:          stops a small organization
   100-bits of entropy:        stops a big organization
   128-bits of entropy:        stops the NSA
   256-bits of entropy:        paranoid's goal

Does Biowallet say how they protect the underlying data, and with how 
much entropy?  I would be surprised if they were getting more than 
16-bits of entropy out of the signing gesture.  Key strengthening of the 
sort Keepass does helps but it cannot make something strong out of 
nearly nothing.

-kb




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org