Single bit errors in the database

  • Anonymous - 2006-11-04

    I changed a single bit in the database file, basically to see if there is any authentication. After entering the password, PasswordSafe then proceeds to use all the memory and hog the processor. I had to reboot the PC!

    • Rony Shapiro - 2006-11-05

      So obviously there is authentication, but the reaction to authentication failure is perhaps a bit too drastic...

      1. One of the features added to the 3.x database format is integrity verification of the data. This is done, however, on the plaintext, not the encrypted data.
      2. Therefore, a single bit flip on the encrypted data has a good chance of causing a crash. What most likely happened is that you've caused the field containing the size of a record to change into a random (and probably huge) value. The application tried to allocate the megabytes of memory that would be needed to read such a field, resulting in the "freeze" you saw.
      3. Future versions will have more sanity checks on the input, making such crashes less likely.
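
The kind of input sanity check point 3 of the reply refers to, as an added example that is not part of the thread and not Password Safe's own code: a record reader that validates the declared size against a cap and against the bytes actually present before allocating anything. The record layout (4-byte little-endian length, 1-byte type, data), the 1 MiB cap, the sample bytes and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed, simplified layout of one decrypted record (hypothetical, not the
   real parser): 4-byte little-endian length, 1-byte type, then the data. */
#define HDR_LEN 5u
#define MAX_FIELD_LEN (1u << 20)   /* hypothetical policy cap: 1 MiB */

enum rec_status { REC_OK = 0, REC_TRUNCATED, REC_TOO_LARGE, REC_NOMEM };
struct record { uint8_t type; uint32_t len; uint8_t *data; };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse the record at buf[*off]. The declared length is untrusted: it is
   checked against the cap and the remaining input before malloc(). */
enum rec_status read_record(const uint8_t *buf, size_t buflen,
                            size_t *off, struct record *out)
{
    if (*off > buflen || buflen - *off < HDR_LEN)
        return REC_TRUNCATED;
    uint32_t len = le32(buf + *off);
    if (len > MAX_FIELD_LEN)
        return REC_TOO_LARGE;               /* corrupted or hostile size */
    if (len > buflen - *off - HDR_LEN)
        return REC_TRUNCATED;               /* claims more than the file holds */
    out->data = malloc(len ? len : 1);
    if (!out->data) return REC_NOMEM;
    memcpy(out->data, buf + *off + HDR_LEN, len);
    out->type = buf[*off + 4];
    out->len = len;
    *off += HDR_LEN + len;
    return REC_OK;
}

/* Constructed sample: one record with 4 data bytes. `bit` selects a bit of
   the buffer to flip before parsing (0-31 hit the length field, -1 = none). */
enum rec_status parse_sample(int bit)
{
    uint8_t buf[] = { 4, 0, 0, 0, 0x01, 'd', 'a', 't', 'a' };
    struct record r = { 0, 0, NULL };
    size_t off = 0;
    if (bit >= 0) buf[bit / 8] ^= (uint8_t)(1u << (bit % 8));
    enum rec_status st = read_record(buf, sizeof buf, &off, &r);
    free(r.data);
    return st;
}
```

Flipping the top bit of the length turns a 4-byte field into a claim of about 2 GiB, which the reader rejects instead of trying to allocate it.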


