User Activity

  • Modified a comment on discussion General Discussion on KeeChallenge

    deleted

  • Modified a comment on discussion General Discussion on KeeChallenge

    I'm not a cryptography expert. However, I'd like to understand why the KeeChallenge approach is safe. HMAC is usually used to verify authentication and data integrity of a message where sender and receiver are required to hold a shared secret. If I understand it correctly, KeeChallenge uses the HMAC as the AES key to en/decrypt the shared secret (stored in XML file). The challenge is used as some kind of salt mechanism. Thus: R = AESenc(S, HMAC(S, C)) S = AESdec(R, HMAC(S, C)) where: - S is the shared...

  • Posted a comment on discussion General Discussion on KeeChallenge

    I'm not a cryptography expert. However, I'd like to understand why the KeeChallenge approach is safe. HMAC is usually used to verify authentication and data integrity of a message where sender and receiver are required to hold a shared secret. If I understand it correctly, KeeChallenge uses the HMAC as the AES key to en/decrypt the shared secret (stored in XML file). The challenge is used as some kind of salt mechanism. Thus: R = AESenc(S, HMAC(S, C)) S = AESdec(R, HMAC(S, C)) where: - S is the shared...

  • Posted a comment on discussion Open Discussion on KeePass

    Thanks, but I see no email address there or means to send a private message. Today, Google Safe Browsing reports a phishing attempt when clicking the download button on that site. The redirect URI points to github-production-release-asset-2e65be.s3.amazonaws.com. Doesn't look good, IMHO.

  • Posted a comment on discussion Open Discussion on KeePass

    The KeeChallenge plugin (that provides YubiKey HMAC-SHA1 challenge-response support) seems to re-encrypt the shared secret every time the database is opened. The new encrypted secret with the corresponding challenge is stored in an XML file. However, an old copy of this XML file can also be used to open the database. What's the purpose of re-encrypting the secret every time the database is accessed? How does it improve security if the previous XML file does not become obsolete? Maybe there are better...

Personal Data

Username:
vhaiym
Joined:
2017-07-19 16:08:51

Projects

  • No projects to display.
