Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Confidentiality isn't your only concern. You should also be worried about integrity and availability. From "On The Security of Password Manager Database Formats":

  Unfortunately, [KDBX4] introduces new vulnerabilities.
  Similarly to KDB, the main problem of this format is
  the lack of authentication of *hdr*. As such, is it
  susceptible to modifications... This modification is
  not detectable by the password manager... if a user
  alters, and then saves, a corrupted database, all
  passwords previously affected by the attack are lost
  forever.

  This attack highlights a remarkable design flaw. Even
  an accidental bit-flip in the *pskey* field, e.g., due
  to a transmission error, cannot be detected, and leads
  to complete corruption of the database. Such
  corruption is unlikely to be immediately detected by
  users, who may subsequently add new entries. Over time,
  the database will be composed of both correct and
  corrupted entries, making it difficult to reconstruct
  the damaged records from a backup.
Which reminds me - I need to migrate back to Password Safe as soon as possible.


Confidentiality is my only concern in the case of malicious modification. Remember, that availability and integrity of your database can be broken without an attacker, just due to hardware problem, for example. So it is up to you to have a cold backup for such a critical asset.


May I emphasize this sentence?

  Over time, the database will be composed of both
  correct and corrupted entries, making it difficult
  to reconstruct the damaged records from a backup.
I don't know enough about cryptography to be able to say whether it's possible to break a particular cryptographic protocol by blindly altering the ciphertext, but I do know plenty about human nature and backups. It's _highly_ unlikely that normal people keep more than a handful of backups. My own personal backup retention limit is on the order of 30 days, and that's with careful planning. Silent, on-going data corruption happening to a password database seems like a very reasonable thing to concern oneself with, especially if one's expectation was that the password manager would throw some kind of data integrity error whenever said database was accessed.


How will you do that? It looks tricky to say the least: http://sourceforge.net/p/passwordsafe/discussion/134801/thre...

EDIT: It looks like you can clear out all the comments and other stuff in the db and export to Keepass v1 CSV and you should be able to import from that.


Hey, thanks a ton for the clue!


This isn't true anymore.

Newer versions store a SHA-256 hash of the header inside the encrypted XML.

At least KeePass >= 2.20 and KeePassX 2.0 >= alpha3 support this. I haven't checked other implementations.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: