Cypak recently launched their new authentication devices LoginKey. I did a security review of it, and it uses a per-device AES-128 key to encrypt information. It emulates a USB keyboard, so it works fine under Windows, Linux and Mac OS X.
Category Archives: security
Update of Kerberos V5 over TLS draft
I finally took the time to update the Kerberos V5 over TLS document. After submitting the new -01 document, I had a look at the -00 version and it was published around two years ago, yikes.
Kerberos 5 Credential Cache file format
Reading MIT/Heimdal Kerberos V5 credential files seemed like a good first step towards making Shishi more usable. Users will be able to continue using their existing Kerberos V5 applications and libraries, but will be able to gradually move to Shishi. This has actually been on the todo-list for Shishi since day one. A few months ago, Michael B Allen wrote up a specification of the keytab file format (i.e., the file format used by /etc/krb5.keytab), and I implemented it in Shishi. Now, that file contains hostkeys, and is thus only useful for servers. To be able to read the end-user credential files would be more useful. I fired up M-x hexl-find-file RET on /tmp/krb5cc_1000, and with the help of Michael’s prior work, I came up with the following file format description and basic implementation.
Kerberos ccache file format writeup