This is not in anyway a secret, but I haven't been able to find any reference to anyone actually reporting this as the bug it is.
The HMAC in V3 files is only calculated on the field values in a record.
A record consists of fields. Each field has a 5 byte header, where the first 4 bytes is the length of the field value, and there's one byte type code.
The HMAC does not take the length and type into account, nor does it hash the padding bytes in unused parts of blocks.
This implies that it's possible to modify the length and type without the HMAC seeing this.
The real-world risk is low, but since PasswordSafe is supposed to represent state-of-the-art cryptography, this is really not acceptable.
It's not best practice. It should be fixed.
Log in to post a comment.