Date: Fri, 3 Jan 2014 11:27:12 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Cc: gremlin@...mlin.ru
Subject: Re: kwallet crypto misuse

On 02-Jan-2014 09:15:15 +0100, Florian Weimer wrote:

 > I just noticed this is now public:
 > http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
 > Short summary: kwallet uses Blowfish to encrypt its password
 > store, and despite an attempt at implementing CBC mode (in a
 > file called cbc.cc no less), it's actually ECB mode.

That's unpleasant, but not really a fatal issue...

 > UTF-16 encoding combined with Blowfish's 64 bit block size means
 > there are just four password characters per block.

But this is: any and all passwords, being used for encryption key
generation, must be hashed, then salted, then hashed again. SHA-256
may be a good choice for generating a Blowfish 256-bit key this way.

 > Encryption is convergent as well. This may enable recovery of
 > passwords through codebook attacks. Should we treat this as a
 > minor vulnerability?

Is it really minor?


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
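
Added example, not part of the original message and not kwallet's code: it shows why a 64-bit block in ECB mode with UTF-16 text (four characters per block) is convergent, and how CBC with a random IV removes the repeated blocks. Assumptions: a toy Feistel cipher stands in for Blowfish, little-endian UTF-16 is used, and the key, sample passwords and helper names are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 8  # 64-bit block size, as with Blowfish

def encrypt_block(key, block):
    # Stand-in 64-bit block cipher (4-round Feistel over HMAC-SHA256), NOT Blowfish.
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def split_padded(data):
    n = BLOCK - len(data) % BLOCK          # PKCS#7-style padding
    data += bytes([n]) * n
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    # Each block is encrypted independently: equal plaintext gives equal ciphertext.
    return [encrypt_block(key, b) for b in split_padded(data)]

def cbc_encrypt(key, data, iv=None):
    prev = iv or os.urandom(BLOCK)         # fresh random IV per message
    out = [prev]                           # IV is stored as the first block
    for b in split_padded(data):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return out

def repeated_blocks(ct):
    """Duplicate ciphertext blocks inside one message (an ECB tell-tale)."""
    return len(ct) - len(set(ct))

def shared_leading_blocks(ct_a, ct_b):
    """Leading ciphertext blocks that two messages have in common."""
    n = 0
    for a, b in zip(ct_a, ct_b):
        if a != b:
            break
        n += 1
    return n

KEY = hashlib.sha256(b"constructed demo key").digest()
PW_A = "hunter2!summer14".encode("utf-16-le")   # constructed sample values
PW_B = "hunter2!winter13".encode("utf-16-le")
REPEAT = "abcdabcdabcd".encode("utf-16-le")

if __name__ == "__main__":
    print("ECB shared:", shared_leading_blocks(ecb_encrypt(KEY, PW_A), ecb_encrypt(KEY, PW_B)))
    print("CBC shared:", shared_leading_blocks(cbc_encrypt(KEY, PW_A), cbc_encrypt(KEY, PW_B)))
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, REPEAT)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(KEY, REPEAT)))
```

Counting duplicate 8-byte blocks in stored ciphertext, as `repeated_blocks` does, is a quick check that a store is not effectively running in ECB mode.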
