On 07/24/2013 09:56 AM, Edward Ned Harvey (blu) wrote:
> I am a great fan of BioWallet. You "sign" the screen with your finger. Your name, a random word, whatever. It works best for handwritten words, and doesn't work so well for geometric shapes, drawings, patterns. It performs bioinformatic analysis on your gesture, to either unlock or not unlock the encryption key.

Very interesting. Of course, to Sajan Parikh's horror, I would want to know more technical details about how it works before I would trust it with my digital life.

My immediate worry: It is important to distinguish between a password that one can only test by asking some gatekeeper (a gatekeeper that will limit how often and quickly you are allowed to make attempts) and an encryption key that can be tested in parallel against encrypted data that has been duplicated across multiple computers. A good encryption key needs to be of considerable length with a lot of random components.

Put another way using fancier words: An encryption key must have a lot of entropy, but if a gatekeeper can be trusted to be in place and functioning correctly, a traditional password needs very little entropy.

For example, a cash machine PIN that is only 4-digits long is quite secure if you are only allowed a slow few attempts at a time. But the same 4-digits used as an encryption key on exposed data is completely worthless.

In this case I wonder about the amount of entropy that could be derived from a repeatable BioWallet signing gesture. It is probably plenty for a password (the testing of which can be limited). But if there is any way a foe can get direct access to encrypted data that is only protected by a little entropy, it won't be secure.

I don't know current estimations, but I would use the following guidelines for an encryption key:

  32-bits of entropy: stops a naive individual with a day-job
  80-bits of entropy: stops a small organization
  100-bits of entropy: stops a big organization
  128-bits of entropy: stops the NSA
  256-bits of entropy: paranoid's goal

Does Biowallet say how they protect the underlying data, and with how much entropy? I would be surprised if they were getting more than 16-bits of entropy out of the signing gesture. Key strengthening of the sort Keepass does helps but it cannot make something strong out of nearly nothing.

-kb
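
The gatekeeper-versus-exposed-data distinction in the message above, as an added example that is not part of the original post. It assumes PBKDF2-HMAC-SHA256 as a stand-in for Keepass-style key strengthening and a MAC as a stand-in for the encrypted data; the salt, PIN, iteration count and sample data are constructed.

```python
import hashlib
import hmac
import math

SALT = b"constructed-salt"  # constructed sample value
ITERATIONS = 200            # assumed stretching factor, kept small for the demo

def derive_key(pin: str) -> bytes:
    """Key strengthening: PBKDF2 multiplies the cost of every guess."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, ITERATIONS)

def seal(pin: str, data: bytes) -> bytes:
    """Stand-in for encrypted data: a MAC that only the right key reproduces."""
    return hmac.new(derive_key(pin), data, hashlib.sha256).digest()

class Gatekeeper:
    """Online check: the secret is tested only through a rate-limited oracle."""
    def __init__(self, pin: str, max_attempts: int = 3):
        self._pin, self._left, self.locked = pin, max_attempts, False

    def try_pin(self, guess: str) -> bool:
        if self.locked:
            return False
        if hmac.compare_digest(guess, self._pin):
            return True
        self._left -= 1
        self.locked = self._left == 0
        return False

def offline_search(data: bytes, tag: bytes):
    """Exposed data has no gatekeeper: every 4-digit PIN can simply be tried."""
    for n in range(10_000):
        guess = f"{n:04d}"
        if hmac.compare_digest(seal(guess, data), tag):
            return guess, n + 1
    return None, 10_000

def effective_bits(secret_bits: float, iterations: int) -> float:
    """Work factor in bits: stretching adds log2(iterations), nothing more."""
    return secret_bits + math.log2(iterations)

if __name__ == "__main__":
    tag = seal("4821", b"constructed sample data")
    print(offline_search(b"constructed sample data", tag))
    print(effective_bits(16, 2**16))  # 16-bit gesture, 65536 rounds
```

With a 16-bit secret and 65536 rounds of stretching, the work factor only reaches the 32-bit tier of the guideline list above.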