[BBLISA] Reusing Passwords on Different Sites Should be OK
Edward Ned Harvey (bblisa4)
bblisa4 at nedharvey.com
Fri Sep 18 06:53:59 EDT 2015
> From: bblisa [mailto:bblisa-bounces at bblisa.org] On Behalf Of Patrick Cable
>
> Crypto is hard. I hope you have folks reviewing your implementation,
> especially if you're designing a cryptosystem to protect me from the big bad
> agencies!
Block diagrams are easy. ;-) The block diagrams clearly and simply communicate the concept, which is solid. I first started giving presentations in security crowds on this topic almost 2 years ago, and we first released the code about 16 months ago, and we first put it into production a few months ago.
We haven't paid for an independent security audit or anything like that, but I've gotten review from numerous crypto experts unofficially, and like I said, this whole concept is simple for anybody with a basic understanding of crypto to understand.
Implementation is a whole different can of worms. Which is why we didn't implement the crypto - we just use well known libraries (bouncycastle) and wrap around it. So all I have to do is take the block diagram, and where it says "asymmetric key generator," I call the bouncycastle ecdh key generator. And so on.
If you look at the CBCrypt class, you'll see that it is ridiculously simple.
https://github.com/rahvee/CBcrypt/blob/master/CBcrypt/CBcrypt/CBcrypt.cs
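As an added illustration of the concept behind the block diagram (not the CBcrypt project's code): the client derives a site-specific ECDH key pair from the password, so each server only ever holds a public key and a database leak at one site gives an attacker nothing usable at another. This is standard-library Python only; the derivation (scrypt salted with username and site, feeding a pure-Python P-256 scalar multiplication) and all sample values are assumptions chosen for illustration.

```python
import hashlib
# NIST P-256 domain parameters (standard published values).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt):  # y^2 = x^3 + ax + b (mod p); None is the point at infinity
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def _add(p1, p2):
    """Affine point addition/doubling (textbook, not constant-time)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def derive_keypair(password, username, site):
    """Per-site key pair from a password KDF (ASSUMED derivation, not CBcrypt's own)."""
    salt = hashlib.sha256(f"{username}@{site}".encode()).digest()
    seed = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    priv = int.from_bytes(seed, "big") % (N - 1) + 1  # scalar in [1, N-1]
    return priv, _mul(priv, G)  # the server is given only the public point

def ecdh_secret(priv, peer_pub):  # x-coordinate of priv * peer_pub, computed by each side
    return _mul(priv, peer_pub)[0]
```

Because the private scalar is recomputed from the password on every login, the client stores nothing, while the server can run an ECDH challenge against the stored public point without ever seeing the password.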