Kyle: A password manager for paranoids.

Overview

As a password manager, kyle differs from the others in two ways:

  • It doesn't store any passwords, so there is no file for attackers to steal and crack
  • As a result, you can't store a password given to you by a third party; you have to request your own

And kyle differs from password generators in one way:

  • Generated passwords are not random, but a brute-force attack can take trillions of years to crack just one

    For example, in the test vectors, Bill Gates' password took 12.11 seconds on a MacBook Pro (Early 2013) with a 2.4 GHz Intel Core i7. So even for a lazy master key of up to 8 characters made of lowercase letters and numbers, there are 36^8+36^7+36^6+36^5+36^4+36^3+36^2+36 = 2901713047668 combinations, and at 12.11 seconds per attempt it takes 1,114,274 years to try them all.

  • It doesn't use any single hash or encryption algorithm; instead it uses a mixture of them, and the choice of which to use is derived from the info and the master key.


Memcached < 1.4.17 SASL authentication bypass

Overview

We have confirmed that memcached versions prior to 1.4.17 suffer from an authentication bypass when configured with SASL.

Description

When SASL is enabled in memcached prior to 1.4.17 with

./configure --enable-sasl

and the memcached daemon is started with the -S parameter, memcached configures itself to authenticate over saslauthd.

Due to a coding error in memcached.c, on the second attempt with a wrong password memcached fails the authentication but still treats the connection as authenticated, as the detailed logs below show.
