[Cryptography Team] KeyHolder!
Ron Teitelbaum
ron at usmedrec.com
Sun Sep 20 00:42:35 UTC 2020
Hi Chris,
Glad you like it. I developed it for my secure DHT peer to peer database.
Each node is secure and it takes multiple keys to retrieve any one piece of
data. Keyholder was developed to protect the node key. Since each node
holds a lot of data it was very important to use special handling for the
key. I had been reading about new side-channel attacks and that the
vulnerability increases the more you read and use a key even if it is only
held in memory. On these nodes we use the key all the time so KeyHolder
was born.
I'll have a look when I get a chance. They sound like useful changes.
All the best,
Ron
On Sat, Sep 19, 2020, 7:58 PM Chris Muller <asqueaker at gmail.com> wrote:
> Hi Ron, I just love this KeyHolder thingy! :) Such a clever idea to
> resist a side-channel attack. I'm curious how you came across the idea..
>
> I did commit some improvements (see below), which I've tested, and plan to
> use in projects going forward.
>
> As always, review and feedback is welcome from anyone and everyone.
>
> Regards,
> Chris
>
> ________________________
> Name: CryptographyCiphers-cmm.23
> Author: cmm
> Time: 15 September 2020, 5:52:41.154778 pm
> UUID: 6ba3b5f5-47e3-48f7-a871-89a4cc4c0774
> Ancestors: CryptographyCiphers-tpr.22
>
> Improvements to KeyHolder:
> - It can now hold an Integer or ByteArray key.
> - Replaced use of KeyHolderData with a simple Array. KeyHolderData
> removed.
> - Destroys itself upon image save, to ensure not to save its contents in
> the image.
> - More secure, now uses Rijndael (AES) instead of TripleDES.
> - More secure, now destroys the prior encrypted key instead of waiting for
> GC.
> - Now relies on a Mutex for process syncronization rather than trapping
> Error and retrying.
> - Guards against invalid key access after it was destroyed.
> - Better printOn: reveals its status.
> - About 7X faster.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/cryptography/attachments/20200919/b8f0a588/attachment.html>
More information about the Cryptography
mailing list