The encryption chronicles - Apple Passwords and Microsoft SymCrypt
The encryption chronicles - Apple Passwords and Microsoft SymCrypt
The Passwords app in iOS 18 || The first practical implementation of post quantum cryptography
Apple brings Passwords to the mainstream
The ‘Passwords’ app brings password management to the forefront
It does not matter which side of the password manager debate you fall on, Apple has decided that Password managers are a good thing. The sheep in the walled garden have to comply now.
It’s been 10 years that I have been using 1password. This screen on my MacBook has been ubiquitous.
And never for the last 10 years have I ever thought of changing my password manager. Why would I? 1password works seamlessly on all my devices. I am very used to the interface and my muscle memory makes short work of my rather longish pass-phrase. Even when 1password moved from the one time payment model to subscription model, I was only slightly displeased.
Then came Apple with the Passwords App. It seems like a real alternative.
Apple used to manage passwords in the backend with ‘Keychain’. With iOS 18, they brought it to the forefront.
Read this article on the Wired for a detailed assessment.
I haven’t explored it yet, but it does seem enticing. First, it will work very seamlessly with my phone and laptop. Second, it is free. Scratch that. First it is free.
I plan to explore it for a bit and see if it can be a replacement to 1password. I am sure all the password manager apps out in the wild are scheming up cunning plans to retain their customers. If Apple Passwords is up to speed, and 1password does not come up with a compelling argument why I should not switch, then I might just change my 10 year association with 1password.
The only drawback being that it might not work on a Linux machine. I have to figure that out.
Take Action:
This is more from a personal perspective. If you are using a password manager already and are a prisoner of the Apple ecosystem, then evaluate Passwords honestly.
If you are in the ecosystem, but don’t use a password manager, you can start fresh with Passwords and your brain will thank you for that feeling of liberation!!
If you are not on the Apple ecosystem, this really should not bother you one bit. Your life does not depend on Apple events - you are already liberated.
Microsoft uses post quantum cryptography
The open source encryption library ‘SymCrypt’ gets a quantum proof update
NIST released encryption algorithms for a post quantum world. The NIST documents were released on the 13th of August. Soon, Microsoft, which is one of the contributors to the design of the NIST document, released an update to their open source encryption library SymCrypt.
Read this article for more details.
Take Action:
In my last post, I had said that this development is for your knowledge. Just a week later we have a practical implementation of a post quantum encryption mechanism.
To understand the applicability of these algorithms, understand the attack vector of ‘Store now, decrypt later’. This is a quantum attack where threat actors store all encrypted data in the hope that when quantum computers become a reality, they will be able to decrypt the data and make some use of it at least.
This type of attack applies to classified data. Nation states might want to access documents and records of state decisions. (No one would want to know your bank transactions a decade later).
If your organisation handles the type of data that will remain critical over many years, you should consider implementing post quantum algorithms.
I'm a long time user and fan of password managers too. Sadly, I m not an Android Sheep, so no iOS Passwords app for me :) Right now I use Bitwarden and Dashlane.