[Passwordsafe-devel] Re: Validation flaw addressed in version 2.14
Popular easy-to-use and secure password manager
Brought to you by:
ronys
From: Bruce S. <sch...@co...> - 2005-11-23 22:10:03
|
I don't think you can fix this and maintain backwards compatibility. I think you have to choose. And security should win. You could have a transition version that supports the old version but nags people to use the new version, or something like that. Or a version that accepts the old version and then forces the user to use the new version. But in the end backwards compatibility has to be broken. At 02:31 PM 11/23/2005, Rony Shapiro wrote: >The good folks at elcomsoft have posted an item regarding a flaw in the >passphrase validation for all versions of PasswordSafe. >(http://seclists.org/lists/vulnwatch/2005/Oct-Dec/0046.html) > >Briefly, it's possible to take advantage of the database structure to bypass >the deliberately slow "key stretching" method used to verify the user's >passphrase, enabling a faster brute-force dictionary attack than was >intended by the designers. > >In release 2.14, I've implemented a partial fix to this, basically replacing >fixed data with randomness wherever possible in the first block. This is a >partial fix, but it's the most I can do without breaking backwards >compatability with existing implementations (and it seems that I've already >broken compatability with the Java version...). > >I'd like to ask this list for suggestions for (1) a better solution that >would keep compatability with previous versions (that is, that previous >versions 2.x of PasswordSafe will be able to read the new database, and (2) >a complete solution, unencumbered by backwards-compatability (that is, a new >version of the database format). > >Thanks to Jeff & Hagai for bringing the vulnwatch posting to my attention. > > Cheers, > > Rony > >P.S. - I've decided not to announce this to the user's mailing list for two >reasons: 1. The issue is a bit subtle and therefore difficult to explain. >Conversely, it's *very* easy to misunderstand as "passwordsafe's security >is/was broken". 2. The fix isn't a complete solution to the problem (yet). >Of course, |