@faebudo @GossiTheDog No, this has nothing to do with Passkeys; this is how password managers usually generate an encryption key for the wallet. None of the keys above is a Passkey.
To make this clearer: given all the Passkeys and other data in the keychain kc, the following happens to upload it to the cloud:
ekc <- Enc(pk, kc)
k_sk <- KDF(pass)
esk <- Enc(k_sk, sk)
The bundle of (ekc, esk) is uploaded to the cloud. When enrolling a new device, the user gives their master password and thus:
(ekc, esk) <- Download(LoginAuthToken)
k_sk <- KDF(pass)
sk <- Dec(k_sk, esk)
kc <- Dec(sk, ekc)
You have:
1. a password (never leaves the device)
2. a derived secret encryption key (never leaves device)
3. a randomly generated encryption keypair (pk,sk) (may be symmetric actually, fuzzy on the details right now), never leaves the device (in unencrypted fashion)
4. the keychain itself (never leaves the device in unencrypted fashion)
5. the keychain, encrypted with the generated key (yes, synced)
6. the keychain encryption keypair/key, itself encrypted with the derived secret (yes, synced)
Only encrypted data (= indistinguishable from random data) is uploaded.
And yes, this is phishing resistant and secure. This is how every proper synced password manager has operated for a long time.
1/2
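The key-wrapping layout described in this post, written out as an added, runnable example (this is not code from the thread or from any password manager). It follows the post's names: pass -> k_sk via KDF, a randomly generated vault key (taken as symmetric here, which the post says it may be, so sk is used for both Enc and Dec), ekc = Enc(sk, kc), esk = Enc(k_sk, sk), and only (ekc, esk) leaves the device. Assumptions beyond the post: Enc/Dec are a stdlib-only encrypt-then-MAC construction standing in for a real AEAD such as AES-GCM so the file runs offline; a per-user KDF salt is stored in the uploaded bundle (the post does not mention one); PBKDF2 with a modest iteration count stands in for whatever slow KDF a real product uses; the function names `upload_bundle`, `enroll_new_device` and `bundle_leaks_secret` are made up for this example.

```python
"""Synced-vault key wrapping, as sketched in the post (added example, not vendor code).

Assumptions: symmetric vault key sk; Enc/Dec are an HMAC-SHA256 encrypt-then-MAC
stand-in for AES-GCM; the KDF salt is synced inside the bundle (not in the post).
"""
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 200_000  # PBKDF2-HMAC-SHA256; real managers use more, or Argon2/scrypt


def kdf(password: str, salt: bytes) -> bytes:
    """k_sk <- KDF(pass). The password itself never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (block-cipher stand-in)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    """Split one key into independent encryption and MAC subkeys."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def enc(key: bytes, plaintext: bytes) -> bytes:
    """Enc(key, m) -> nonce || ciphertext || tag. Everything the server sees is pseudorandom."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def dec(key: bytes, blob: bytes) -> bytes:
    """Dec(key, c): verify the tag before decrypting; wrong key or tampering raises."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def upload_bundle(password: str, kc: dict) -> dict:
    """Enrolled device: ekc <- Enc(sk, kc); k_sk <- KDF(pass); esk <- Enc(k_sk, sk).

    Returns exactly what is sent to the cloud: ciphertexts plus the KDF salt
    (the salt being synced is an assumption of this example). sk, k_sk, the
    password and the plaintext keychain stay on the device.
    """
    salt = os.urandom(16)
    sk = os.urandom(32)  # random vault key, generated on-device
    ekc = enc(sk, json.dumps(kc, sort_keys=True).encode())
    k_sk = kdf(password, salt)
    esk = enc(k_sk, sk)
    return {"salt": salt, "ekc": ekc, "esk": esk}


def enroll_new_device(password: str, bundle: dict) -> dict:
    """New device: (ekc, esk) downloaded; k_sk <- KDF(pass); sk <- Dec(k_sk, esk); kc <- Dec(sk, ekc)."""
    k_sk = kdf(password, bundle["salt"])
    sk = dec(k_sk, bundle["esk"])  # raises ValueError on a wrong master password
    return json.loads(dec(sk, bundle["ekc"]).decode())


def bundle_leaks_secret(bundle: dict, secret: bytes) -> bool:
    """Sanity check on the uploaded bundle: does any field contain a secret in the clear?"""
    return any(secret in value for value in bundle.values())
```

The point the post makes is visible in `upload_bundle`: the only values handed to the cloud are `salt`, `ekc` and `esk`, and a wrong master password on the new device fails at the `esk` unwrap step rather than yielding a garbage keychain, because the tag is checked before anything is decrypted.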