Re: [Taler] Greetings and Question on HSM Keys
From: taler
Subject: Re: [Taler] Greetings and Question on HSM Keys
Date: Wed, 18 Aug 2021 04:41:33 +0200 (CEST)

Hello Dr. Grothoff,

Thanks for responding!

I understand that SHA1 is not best.
Any algorithm from the HMAC-SHA2 series
would be a better alternative.

It is true that many consumers may not be willing
to purchase a hardware key at the immediate
moment. But since GNU Taler is meant to be
a system that people entrust to store their money in,
it is worth making as soon as possible.

I am currently reading the GNU Taler docs further
and will notify the mailing list of any more questions
I have.

Thanks,
Tanveer Salim

Aug 17, 2021, 07:42 by grothoff@gnunet.org:
> Hi Tanveer,
>
> Welcome and thanks for your message!
>
> I think in principle having support for encrypting the Taler wallet
> database using an HSM under the control of the user is an interesting
> optional feature. One issue of course is that losing the HSM may render
> the remaining funds in the wallet inaccessible, but for that of course
> users could have backups that use a different key recovery strategy,
> like what we are planning with GNU Anastasis (https://anastasis.lu/).
> And even GNU Anastasis could benefit from an HSM-based key recovery option.
>
> That said, we also think that most ordinary consumers are unlikely to
> purchase an HSM, at least initially, so we really need to keep this
> optional. Also, the existing team members have AFAIK limited experience
> with HSMs, and I strongly suspect accessing an HSM from all supported
> platforms (WebExtension in browsers, Android App, iOS App) is not going
> to be super-easy. But, if someone has time to work on this, I'd be happy
> to see some progress in this domain.
>
> As for the crypto, I'd recommend not using SHA1 if it can be avoided,
> even if in this case the existing attacks likely do not matter too much.
>
> My 2 cents
>
> Christian
>
> On 8/16/21 10:08 PM, taler--- via Taler wrote:
>
>> Hello GNU Taler Mailing List!
>>
>>
>> I have just joined and wish to share my PGP public key with everyone.
>> You may download my PGP public key at: https://raiderhacks.com/gpg
>> While reading the GNU Taler Docs, I noticed that if there are any questions on
>> adding support for hardware keys, I should contact the GNU Taler
>> developers.
>>
>> I wish to ask if anyone would be interested in adding support for
>> HMAC SHA1 Challenge Response assisted encryption.
>> This is the same hardware-key assisted encryption that KeePassXC offers:
>> https://keepassxc.org/docs/#faq-yubikey-howto
>>
>> If this is done, every time an edit is made to the person's balance database,
>> the user would be prompted to tap their hardware key device. When this
>> happens, a new seed is written into the user's database file, is sent to the
>> hardware key, and the hardware key applies HMAC-SHA1 with a secret
>> that is stored directly in the hardware key. The HMAC-SHA1 output
>> is appended to the user's password to re-encrypt/decrypt the user's
>> wallet database in the future. This dynamic-password approach to
>> encryption is why I chose KeePassXC as my password manager and
>> would love to have the same protection in a system that is designed
>> to allow me to spend money privately and anonymously.
>>
>> Please let me know what all of you think of this.
>>
>>
>> Thanks,
>>
>>
>> Tanveer Salim
>>
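
The challenge-response scheme described in the first message of this thread, as an added Python example that is not part of the thread and is not GNU Taler or KeePassXC code. It assumes HMAC-SHA256 (per the reply's suggestion), a simulated token class in place of real hardware, and PBKDF2 as the key-stretching step; it covers key derivation and the stored header only, and all names are hypothetical.

```python
import hashlib
import hmac
import os

class SimulatedToken:
    """Stand-in for the hardware key; the secret never leaves this object."""
    def __init__(self, secret: bytes, digest: str = "sha256"):
        self._secret, self._digest = secret, digest

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, self._digest).digest()

def derive_key(password: str, response: bytes, salt: bytes) -> bytes:
    # The token's response is appended to the password, then stretched.
    return hashlib.pbkdf2_hmac("sha256", password.encode() + response, salt, 100_000)

def seal(password: str, token: SimulatedToken):
    """Called on every save: a fresh seed means a fresh database key."""
    header = {"seed": os.urandom(32), "salt": os.urandom(16)}
    key = derive_key(password, token.respond(header["seed"]), header["salt"])
    # Key-check tag lets unlock() reject a wrong password or wrong token.
    header["check"] = hmac.new(key, b"key-check", "sha256").digest()
    return header, key

def unlock(header: dict, password: str, token: SimulatedToken):
    """Replay the stored seed to the token; return the key, or None on mismatch."""
    key = derive_key(password, token.respond(header["seed"]), header["salt"])
    tag = hmac.new(key, b"key-check", "sha256").digest()
    return key if hmac.compare_digest(tag, header["check"]) else None

def demo() -> dict:
    token = SimulatedToken(os.urandom(32))   # constructed secret
    other = SimulatedToken(os.urandom(32))   # a different token
    h1, k1 = seal("correct horse", token)
    h2, k2 = seal("correct horse", token)    # second save, new seed
    return {
        "reopen_ok": unlock(h1, "correct horse", token) == k1,
        "key_rotates": k1 != k2,
        "wrong_token": unlock(h1, "correct horse", other) is None,
        "wrong_password": unlock(h1, "wrong", token) is None,
    }

if __name__ == "__main__":
    print(demo())
```

The header (seed, salt, check tag) is what would sit in the clear beside the encrypted database; the token secret and the password are the two inputs an attacker holding only the file lacks.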