Menu

Which KDF-Parameters should be recreated on an export

Open Discussion
Luke
2018-09-03
2018-09-07

  • Luke

    Luke - 2018-09-03

    Hi,

    I'm developing the KeePassSubsetExport plugin and at the moment I'm implementing the copy of KDF-Parameters from the source db.
    But I realized that coping some parameters don't make sense: e.g. ParamSeed of AesKdf.

    I searched the source code of KeePass and as far as I could find out: Exports there always use AesKdf and the seed of the source db.
    KeePassSubsetExport should also support Argon2Kdf and I'm not really sure which to regenerate and which to copy.

    Here are my suggestions - does this make sense for you? (I want to play it safe on security critcal things)

    AesKdf:
    ParamRounds -> copy and allow override
    ParamSeed -> regenerate

    Argon2Kdf:
    ParamSalt -> regenerate
    ParamParallelism -> copy and allow override
    ParamMemory -> copy and allow override
    ParamIterations -> copy and allow override
    ParamVersion -> copy
    ParamSecretKey -> regenerate
    ParamAssocData -> copy

    Thanks for any input!

    Associated discussion on github:
    https://github.com/lukeIam/KeePassSubsetExport/pull/23

    Luke

     

    Last edit: Luke 2018-09-03

  • Dominik Reichl

    Dominik Reichl - 2018-09-03

    If you want to use the same settings, I'd suggest to get the KdfParameters of the database and use this object as-is, without any copying or regenerating. Your plugin uses the KdbxFile for saving the exported file, which automatically randomizes seeds/salts.

    Best regards,
    Dominik

     

    • Luke

      Luke - 2018-09-04

      Hi Dominik,

      thanks for your answer!

      Best regards,
      Luke

       

  • Franck Harry

    Franck Harry - 2018-09-04

    impatient to get your updates Luke and keep up the good work

     

    • Luke

      Luke - 2018-09-07
       

      Last edit: Luke 2018-09-07

Log in to post a comment.