Re: [Taler] Greetings and Question on HSM Keys

From: Christian Grothoff
Subject: Re: [Taler] Greetings and Question on HSM Keys
Date: Tue, 17 Aug 2021 16:42:10 +0200
Hi Tanveer,

Welcome and thanks for your message!

I think in principle having support for encrypting the Taler wallet
database using an HSM under the control of the user is an interesting
optional feature. One issue of course is that losing the HSM may render
the remaining funds in the wallet inaccessible, but for that of course
users could have backups that use a different key recovery strategy,
like what we are planning with GNU Anastasis (https://anastasis.lu/).
And even GNU Anastasis could benefit from an HSM-based key recovery option.

That said, we also think that most ordinary consumers are unlikely to
purchase an HSM, at least initially, so we really need to keep this
optional. Also, the existing team members have AFAIK limited experience
with HSMs, and I strongly suspect accessing an HSM from all supported
platforms (WebExtension in browsers, Android App, iOS App) is not going
to be super-easy. But, if someone has time to work on this, I'd be happy
to see some progress in this domain.

As for the crypto, I'd recommend not using SHA1 if it can be avoided,
even if in this case the existing attacks likely do not matter too much.

My 2 cents


On 8/16/21 10:08 PM, taler--- via Taler wrote:
> Hello GNU Taler Mailing List!
> I have just joined and wish to share my PGP public key with everyone.
> You may download my PGP public key at: https://raiderhacks.com/gpg
> While reading the GNU Taler Docs, I noticed if there are any questions on
> adding support for hardware keys, that I should contact the GNU Taler
> developers.
> I wish to ask if anyone would be interested in adding support for
> HMAC SHA1 Challenge Response assisted encryption.
> This is the same hardware-key assisted encryption that KeePassXC offers:
> https://keepassxc.org/docs/#faq-yubikey-howto
> If this is done, every time an edit is made to the person's balance database,
> the user would be prompted to tap their hardware key device. When this
> happens, a new seed is written into the user's database file, is sent to the
> hardware key, and the hardware key applies HMAC-SHA1 with a secret
> that is stored directly in the hardware key. The HMAC-SHA1 output
> is appended to the user's password to re-encrypt/decrypt the user's
> wallet database in the future. This dynamic-password approach to
> encryption is why I chose KeePassXC as my password manager and
> would love to have the same protection in a system that is designed
> to allow me to spend money privately and anonymously.
> Please let me know what all of you think of this.
> Thanks,
> Tanveer Salim
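
The KeePassXC-style flow described in the quoted message, as an added software simulation that is not part of this thread, of GNU Taler, or of KeePassXC: a fresh random challenge is stored with the database on every save, a simulated hardware key answers with HMAC(secret, challenge), and that answer is appended to the user's password before key derivation. The class and function names (`SimulatedHardwareKey`, `encrypt_database`, `decrypt_database`, `can_open`) are assumptions of this example; the HMAC-in-counter-mode keystream is a stand-in for a real AEAD, and the hash used by the hardware key is a parameter so the same flow can be run with SHA-256 instead of the SHA-1 that KeePassXC/YubiKey use.

```python
import hashlib
import hmac
import secrets
import struct


class SimulatedHardwareKey:
    """Software stand-in for a YubiKey HMAC challenge-response slot (assumed name).

    The secret is programmed once and never leaves the device; the host only
    ever sees HMAC(secret, challenge). KeePassXC uses HMAC-SHA1 here; the
    digest is a parameter so the flow can be run with SHA-256 instead.
    """

    def __init__(self, secret: bytes, digest: str = "sha1"):
        self._secret = secret
        self._digest = digest

    def respond(self, challenge: bytes) -> bytes:
        # In a real deployment this is the point where the user taps the key.
        return hmac.new(self._secret, challenge, self._digest).digest()


def derive_keys(password: str, response: bytes, salt: bytes) -> tuple:
    """password || hardware response -> PBKDF2 -> separate encryption and MAC keys."""
    material = password.encode("utf-8") + response
    okm = hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=64)
    return okm[:32], okm[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream. A production wallet would
    # use a real AEAD (AES-GCM, ChaCha20-Poly1305) rather than this toy cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def encrypt_database(plaintext: bytes, password: str, hw_key: SimulatedHardwareKey) -> dict:
    """Seal the wallet database; a fresh challenge is generated on every save."""
    challenge = secrets.token_bytes(64)   # the "new seed written into the database file"
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(password, hw_key.respond(challenge), salt)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = challenge + salt + nonce
    tag = hmac.new(mac_key, header + body, "sha256").digest()   # encrypt-then-MAC
    return {"challenge": challenge, "salt": salt, "nonce": nonce, "body": body, "tag": tag}


def decrypt_database(blob: dict, password: str, hw_key: SimulatedHardwareKey) -> bytes:
    """Open the database; fails closed if the password or the hardware key is wrong."""
    enc_key, mac_key = derive_keys(password, hw_key.respond(blob["challenge"]), blob["salt"])
    header = blob["challenge"] + blob["salt"] + blob["nonce"]
    expected = hmac.new(mac_key, header + blob["body"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("authentication failed: wrong password, wrong hardware key, or tampered file")
    stream = _keystream(enc_key, blob["nonce"], len(blob["body"]))
    return bytes(c ^ k for c, k in zip(blob["body"], stream))


def can_open(blob: dict, password: str, hw_key: SimulatedHardwareKey) -> bool:
    """Does this password + hardware key combination open the file?"""
    try:
        decrypt_database(blob, password, hw_key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed demo: a 20-byte YubiKey-style secret and a small fake wallet database.
    yubikey = SimulatedHardwareKey(secrets.token_bytes(20))
    db = b"wallet-balance: 42.00 KUDOS"
    pw = "correct horse battery staple"
    sealed = encrypt_database(db, pw, yubikey)
    assert decrypt_database(sealed, pw, yubikey) == db
    # Losing the key (here: a different device) leaves the file unreadable,
    # which is why a separate backup/recovery path is needed.
    assert not can_open(sealed, pw, SimulatedHardwareKey(secrets.token_bytes(20)))
    # Every save rolls the challenge, so the derived key changes each time.
    assert encrypt_database(db, pw, yubikey)["challenge"] != sealed["challenge"]
    print("simulated HSM-assisted wallet encryption round-trip OK")
```

Two properties of the thread are visible in the code: the derived key is only reproducible with both the password and the physical device, so a lost device means an unreadable database unless some other recovery path exists, and the hardware side of the scheme is a plain HMAC, so moving from SHA-1 to SHA-256 is a matter of which digest the device is configured to use.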

