Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Notes on weak crypto #20

Open
codingchili opened this issue Jan 29, 2019 · 1 comment
Open

Notes on weak crypto #20

codingchili opened this issue Jan 29, 2019 · 1 comment

Comments

@codingchili
Copy link

codingchili commented Jan 29, 2019
edited
Loading

Some notes on chosen algorithms and parameters

  • recommended to use 10k iterations for PBKDF2 in 2016, 128 is being used here.
  • we might want to use Twofish instead of Blowfish.
  • if we don't apply the KDF to the encryption key an attacker can brute force the encryption algorithm easily for weaker keys (< 9 characters).

I'm using SCrypt with 65k iterations and it takes 1-3 seconds to authenticate from fastest to slowest device. I recommend that you try and tune PBKDF2 on some devices.

If you store the salt of the master password, you don't need to store the hash of it. Then you can use the derived key as the encryption key. If you want to add fingerprint encryption later - you can store the masters hash encrypted with a key from the TEE that is protected by the users fingerprint. This is much faster than applying the KDF on the master but requires a fingerprint sensor.

Take a look at my project if you want, it's written in Kotlin.
@SpongeBobSun
Copy link
Contributor

Thanks for the advice. Will try to fix this and add finger print support on the next release - not sure when due to I'm working on other things...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codingchili @SpongeBobSun