
Re: [Taler] Greetings and Question on HSM Keys


From: taler
Subject: Re: [Taler] Greetings and Question on HSM Keys
Date: Wed, 18 Aug 2021 04:41:33 +0200 (CEST)

Hello Dr. Grothoff,

Thanks for responding!

I understand that SHA1 is not best. Any algorithm from the HMAC-SHA2 series would be a better alternative.

It is true that many consumers may not be willing to purchase a hardware key at the immediate moment. But since GNU Taler is meant to be a system that people entrust to store their money in, it is worth making as soon as possible.

I am currently reading the GNU Taler docs further and will notify the mailing list of any more questions I have.

Thanks,

Tanveer Salim



Aug 17, 2021, 07:42 by grothoff@gnunet.org:

> Hi Tanveer,
>
> Welcome and thanks for your message!
>
> I think in principle having support for encrypting the Taler wallet
> database using an HSM under the control of the user is an interesting
> optional feature. One issue of course is that losing the HSM may render
> the remaining funds in the wallet inaccessible, but for that of course
> users could have backups that use a different key recovery strategy,
> like what we are planning with GNU Anastasis (https://anastasis.lu/).
> And even GNU Anastasis could benefit from an HSM-based key recovery option.
>
> That said, we also think that most ordinary consumers are unlikely to
> purchase an HSM, at least initially, so we really need to keep this
> optional. Also, the existing team members have AFAIK limited experience
> with HSMs, and I strongly suspect accessing an HSM from all supported
> platforms (WebExtension in browsers, Android App, iOS App) is not going
> to be super-easy. But, if someone has time to work on this, I'd be happy
> to see some progress in this domain.
>
> As for the crypto, I'd recommend not using SHA1 if it can be avoided,
> even if in this case the existing attacks likely do not matter too much.
>
> My 2 cents
>
> Christian
>
> On 8/16/21 10:08 PM, taler--- via Taler wrote:
>
>> Hello GNU Taler Mailing List!
>>
>>
>> I have just joined and wish to share my PGP public key with everyone.
>> You may download my PGP public key at: https://raiderhacks.com/gpg
>> While reading the GNU Taler Docs, I noticed if there are any questions on
>> adding support for hardware keys, that I should contact the GNU Taler
>> developers.
>>
>> I wish to ask if anyone would be interested in adding support for
>> HMAC SHA1 Challenge Response assisted encryption.
>> This is the same hardware-key assisted encryption that KeePassXC offers:
>> https://keepassxc.org/docs/#faq-yubikey-howto
>>
>> If this is done, every time an edit is made to the person's balance database,
>> the user would be prompted to tap their hardware key device. When this
>> happens, a new seed is written into the user's database file, is sent to the
>> hardware key, and the hardware key applies HMAC-SHA1 with a secret
>> that is stored directly in the hardware key. The HMAC-SHA1 output
>> is appended to the user's password to re-encrypt/decrypt the user's
>> wallet database in the future. This dynamic-password approach to
>> encryption is why I chose KeePassXC as my password manager and
>> would love to have the same protection in a system that is designed
>> to allow me to spend money privately and anonymously.
>>
>> Please let me know what all of you think of this.
>>
>>
>> Thanks,
>>
>>
>> Tanveer Salim
>>
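
The challenge-response rekeying described in the original proposal above, sketched as an added example; it is not part of the thread and is not GNU Taler or KeePassXC code. Assumptions: `SoftToken` is a software stand-in for the hardware key, HMAC-SHA256 replaces HMAC-SHA1 in line with the SHA-2 suggestion in the thread, and PBKDF2 with the iteration count shown is a hypothetical choice of key-derivation function. It covers key derivation and rotation only; the derived key would feed the cipher that protects the wallet database.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # assumption, not a value from the thread


class SoftToken:
    """Software stand-in for the hardware key: the secret never leaves this object."""

    def __init__(self, secret: bytes, digest: str = "sha256"):
        self._secret = secret
        self._digest = digest

    def challenge_response(self, challenge: bytes) -> bytes:
        # The token only ever returns HMAC(secret, challenge), never the secret.
        return hmac.new(self._secret, challenge, self._digest).digest()


def derive_key(password: str, response: bytes, salt: bytes) -> bytes:
    # As described in the proposal: the token's response is appended to the password.
    material = password.encode("utf-8") + response
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS)


def rekey_on_save(password: str, token: SoftToken):
    """Run on every database write: a fresh seed yields a fresh key."""
    seed = secrets.token_bytes(32)   # stored in the clear in the database header
    salt = secrets.token_bytes(16)
    key = derive_key(password, token.challenge_response(seed), salt)
    # Key-confirmation tag so unlock() can reject a wrong password or token.
    check = hmac.new(key, seed + salt, "sha256").digest()
    return {"seed": seed, "salt": salt, "check": check}, key


def unlock(password: str, token: SoftToken, header: dict) -> bytes:
    """Replay the stored seed to the token and re-derive the same key."""
    response = token.challenge_response(header["seed"])
    key = derive_key(password, response, header["salt"])
    expected = hmac.new(key, header["seed"] + header["salt"], "sha256").digest()
    if not hmac.compare_digest(expected, header["check"]):
        raise ValueError("wrong password or wrong hardware key")
    return key


if __name__ == "__main__":
    token = SoftToken(b"constructed-token-secret")  # constructed sample secret
    header, key = rekey_on_save("constructed passphrase", token)
    print(unlock("constructed passphrase", token, header) == key)
```

The header holds only the seed, salt and confirmation tag, so a stolen database file is not enough without both the password and the token secret. The same property means a lost token locks the wallet, which is the backup concern raised in the reply.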



