diff options
author | drebs <drebs@leap.se> | 2015-06-03 15:56:40 -0300 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2015-07-27 09:58:29 -0400 |
commit | bbfb3bb44915004a70702030aa1d2f9336a60938 (patch) | |
tree | f4736717fcf6eb436bfd9ac17f1e32a6c6bbb622 /client/changes/VERSION_COMPAT | |
parent | 3546eff73297945c1519e925c994e28d6ad523f4 (diff) |
[bug] remove mac from secrets file
This is how a secret was stored in the secrets json file:
* each secret is symmetrically encrypted amd MACed with keys derived from
the user's passphrase.
* the encrypted secrets dictionary is then MACed with another key derived
* from the user's passphrase.
* each key is derived using scrypt and a unique random salt.
There are disadvantages to this approach:
* repeating scrypt many times is a waste of time.
* an attacker could crack whichever has weaker parameters, if they get out
of sync.
* if an attacker can modify the secret in a way it is good to decrypt the
database, then she can also modify the MAC.
The solution for this is:
* completelly eliminate the MAC from the storage secrets file.
* attempt to decrypt the database with whatever is got from the decryption
of the secret. If that is wrong, report an error.
Closes #6980.
Diffstat (limited to 'client/changes/VERSION_COMPAT')
0 files changed, 0 insertions, 0 deletions