Message-ID: <20140104140230.GA31452@gremlin.ru>
Date: Sat, 4 Jan 2014 18:02:30 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: kwallet crypto misuse

On 03-Jan-2014 12:44:42 -0500, Daniel Kahn Gillmor wrote:

 >>> UTF-16 encoding combined with Blowfish's 64 bit block size
 >>> means there are just four password characters per block.

 >> But this is: any and all passwords, being used for encryption
 >> key generation, must be hashed, then salted, then hashed
 >> again. SHA-256 may be a good choice for generating Blowfish
 >> 256-bit key this way.

 > what kind of hashing and salting are you talking about?

I'm talking about that very kind of hashing and salting which is
normally used to generate an encryption key for a symmetric cipher
from the supplied password.

 > i don't think hashing and salting makes sense in the context
 > that you were quoting above. Are you aware that kwallet stores
 > a database of passwords that need to be able to be produced back
 > for the user (or the user's applications) in the clear?

Are you aware that a database of passwords is just the user's data, which
may be virtually anything?

Suppose you want to generate a password for some resource and store
it safely. One of the easiest methods to do that is running

`mkpassphrase | gpg -ea > some_resource.gpg`

but let's suppose you don't want to keep a keypair on that machine,
so most likely you'll run

`mkpassphrase | gpg -ca > some_resource.gpg`

GPG will ask you (twice) for a password and produce the output like

-----BEGIN PGP MESSAGE-----

jA0ECgMC0nbVtnsmoZ9g0lQBFVTSY/avTaGibkt/dFGciqjGih1OXfLCPBRkv9gq
sDqdOrjzSO0A+P5ziDalFWJEaNQR5mYQaj/eUP8YAM4e5baFvW+7mSMesuMXqEY1
+E0TCzY=
=9DoC
-----END PGP MESSAGE-----

Now, once you need to access the data (the generated password in this
example), you may run

`gpg < some_resource.gpg`

provide the encryption password (try "Rent/Author!film2Cool") and
get back the previously generated password: Sticky5scum0robust#Comic

So, please don't confuse the encryption password (key source) with the
stored password (user's data).


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
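The distinction drawn in the mail above, as an added example that is not part of the original message or of kwallet or GnuPG: the encryption passphrase is fed through a salted, iterated hash (PBKDF2-HMAC-SHA256 from Python's standard library, with an assumed iteration count) to obtain a fixed-size 256-bit key, and only that key ever reaches the cipher, so the length or UTF-16 encoding of the passphrase never lines up with the cipher's block size. The stored password is plain data that comes back in the clear under the right passphrase. The cipher itself is a stand-in HMAC-SHA256 counter-mode keystream with an HMAC tag, chosen so the example runs offline with no third-party library; the function names `derive_key`, `seal` and `open_vault` are hypothetical.

```python
"""Added example (not from the original mail): salted, iterated hashing of a
passphrase into a fixed-size key, then using that key to protect a stored
password. Assumptions: PBKDF2-HMAC-SHA256 with 100000 iterations as the KDF;
an HMAC-SHA256 counter-mode keystream plus HMAC tag stands in for a real
cipher such as Blowfish or AES so the code runs with the standard library."""
import hashlib
import hmac
import os

KEY_LEN = 32          # 256-bit key, matching the Blowfish-256 suggestion in the mail
ITERATIONS = 100_000  # assumed work factor for this illustration
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS,
               length: int = KEY_LEN, encoding: str = "utf-8") -> bytes:
    """Hash the passphrase with a salt, iterated, into exactly `length` bytes.
    The output size does not depend on how long the passphrase is or how it
    is encoded (UTF-8 or UTF-16), so the cipher never sees passphrase
    characters directly."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(encoding),
                               salt, iterations, length)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(passphrase: str, secret: bytes) -> bytes:
    """Encrypt `secret` (user data, e.g. a generated password) under a key
    derived from `passphrase`. Returns salt || nonce || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    # Derive two keys at once: one for the keystream, one for the tag.
    km = derive_key(passphrase, salt, length=2 * KEY_LEN)
    enc_key, mac_key = km[:KEY_LEN], km[KEY_LEN:]
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def open_vault(passphrase: str, blob: bytes) -> bytes:
    """Recover the stored secret in the clear; raise ValueError if the
    passphrase is wrong or the blob was tampered with."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    km = derive_key(passphrase, salt, length=2 * KEY_LEN)
    enc_key, mac_key = km[:KEY_LEN], km[KEY_LEN:]
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


if __name__ == "__main__":
    # The two values are the ones quoted in the mail: an encryption passphrase
    # (key source) and a generated password (stored data).
    blob = seal("Rent/Author!film2Cool", b"Sticky5scum0robust#Comic")
    print(open_vault("Rent/Author!film2Cool", blob).decode())
```

The salt is stored alongside the ciphertext, exactly as `gpg -c` stores its S2K salt in the message header: it does not need to be secret, it only has to make the derived key differ per message so equal passphrases never yield equal keys.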