Encryption is not authenticated.
KeePass Command Line Interface
Brought to you by:
hightowe,
perlsaiyan
This may be an extension of KeePass proper, but the database is not authenticated with a MAC. The subroutine "encrypt_rijndael_cbc" uses Crypt::Rijndael::MODE_CBC without any authentication. This leaves the DB as malleable. A MAC tag needs to be generated, and subroutine decrypt_rijndael_cbc should exit, if the calculated MAC tag and attached MAC tag do not match, before decrypting.
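The encrypt-then-MAC layout the report asks for, as an added example that is not kpcli's or KeePass's own code (Go standard library rather than kpcli's Perl/Crypt::Rijndael): the tag is recomputed over IV||ciphertext and compared in constant time, and OpenCBC returns before the cipher is run when the tags differ. The separate encKey/macKey pair, the function names and the sample entry are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

func tagOf(key, data []byte) []byte { h := hmac.New(sha256.New, key); h.Write(data); return h.Sum(nil) } // HMAC-SHA256

// SealCBC: AES-CBC under encKey, then a tag under macKey over IV||ciphertext; output is IV || ciphertext || tag.
func SealCBC(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7 padding, always >= 1
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh random IV
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return append(out, tagOf(macKey, out)...), nil
}

// OpenCBC checks the tag in constant time and exits before the cipher is ever run when it does not match.
func OpenCBC(encKey, macKey, sealed []byte) ([]byte, error) {
	if len(sealed) < 2*aes.BlockSize+sha256.Size || (len(sealed)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errors.New("malformed input")
	}
	body, tag := sealed[:len(sealed)-sha256.Size], sealed[len(sealed)-sha256.Size:]
	if !hmac.Equal(tagOf(macKey, body), tag) {
		return nil, errors.New("MAC mismatch: refusing to decrypt")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= aes.BlockSize { // padding bytes were MAC-covered
		return pt[:len(pt)-pad], nil
	}
	return nil, errors.New("bad padding")
}
```

With this layout a single flipped ciphertext byte fails the tag check and the CBC decryptor never sees the modified block.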
Looks like this is a problem with upstream KeePass proper. See https://sourceforge.net/p/keepass/discussion/329220/thread/f2257039/
Hmm. That might not be correct. Line 538 appears to be MAC-then-Encrypt.
The line of code that you pointed out -- this one:
is used only to detect if the Keepass file that kpcli has opened changes on disk underneath it, most likely due to the user concurrently using more than one Keepass client on the file. That MD5 hash is used exclusively to detect and warn a user if the file has changed under them, when they have asked to save the state that kpcli has to that file.
I do think you are correct about the overall problem, but it is not a kpcli problem but rather a Keepass issue.