Simple encryption software - Security & Cryptography
Hello fellow crypto friends!
I need your help on a small piece of software I'm working on: safe. It is a pass(1)-like application used to store passwords, but I want to drop usage of asymmetric keys and use only a master password instead (i.e. symmetric encryption), so all I need to do to unlock my password store is a master password.
There is one neat feature that I like with gpg though: gpg-agent. I would like to have something similar with my master password approach, so I don't have to type my password every time I want to encrypt/decrypt a password. I know that there are multiple security implications with it, but I'm no security expert, so I would like your input/advice on this topic. Off the top of my head, here are the security concerns I should have:
What should I add to this list? Are there things I should change?
BONUS QUESTION: Do you guys understand how the "encrypt(3)" function from unistd.h works (don't judge me)? It seems to take a 64-bit message and return the 64-bit equivalent, encrypted. Which means that my encrypted message will have the same size as the ciphertext... I'm not a security expert, but it looks like a security issue, right?
Answering my own question from the man page:
Quote: Because they employ the DES block cipher, which is no longer considered secure, crypt(), crypt_r(), setkey(), and setkey_r() were removed in glibc 2.28. Applications should switch to a modern cryptography library, such as libgcrypt.
Thanks for your help!