oss-sec mailing list archives
Re: kwallet crypto misuse
From: gremlin () gremlin ru
Date: Fri, 3 Jan 2014 11:27:12 +0400
On 02-Jan-2014 09:15:15 +0100, Florian Weimer wrote:

> I just noticed this is now public:
> http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
>
> Short summary: kwallet uses Blowfish to encrypt its password store, and despite an attempt at implementing CBC mode (in a file called cbc.cc no less), it's actually ECB mode.

That's unpleasant, but not really a fatal issue...

> UTF-16 encoding combined with Blowfish's 64-bit block size means there are just four password characters per block.

But this is: any and all passwords, being used for encryption key generation, must be hashed, then salted, then hashed again. SHA-256 may be a good choice for generating a Blowfish 256-bit key this way.

> Encryption is convergent as well. This may enable recovery of passwords through codebook attacks. Should we treat this as a minor vulnerability?

Is it really minor?

--
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net