#2100 new enhancement

passphrase-encrypt the aliases file

Reported by: daira Owned by: daira
Priority: normal Milestone: undecided
Component: code-frontend-cli Version: 1.10.0
Keywords: aliases security capleak usability Cc: dawuud
Launchpad Bug:

Description

This would help people who are concerned about the risk of an aliases file being read by an attacker. It would probably use scrypt or similar to drive the key from the passphrase.

Change History (10)

comment:1 Changed at 2014-08-07T01:04:31Z by dawuud

I would really like to help out with this ticket. Would using NaCl?'s SecretBox? like this work? https://github.com/david415/hidden-tahoe-backup/blob/master/HiddenTahoeBackup/secretBox.py

Should I be using scrypt here instead of sha256?

def hashPassphrase(passphrase):
    return nacl.hash.sha256(passphrase, encoder=nacl.encoding.RawEncoder)

comment:2 Changed at 2014-08-07T01:06:30Z by dawuud

  • Cc dawuud added
  • Owner set to dawuud

comment:3 Changed at 2014-08-07T14:36:22Z by daira

I don't think we want to add a dependency on NaCl. scrypt is a fine choice of PBKDF, though.

Last edited at 2014-08-07T14:36:38Z by daira (previous) (diff)

comment:4 Changed at 2014-10-19T11:06:26Z by dawuud

If not NaCl? secretBox then what do you suggest?

comment:5 Changed at 2014-12-02T19:51:17Z by warner

  • Component changed from code-frontend to code-frontend-cli

comment:6 follow-up: Changed at 2015-12-10T07:11:37Z by dawuud

If we are going to encrypt the private aliases file shouldn't we also use a message authenticating code, perhaps an HMAC?

comment:7 Changed at 2015-12-10T14:47:28Z by dawuud

a rough sketch of the cryptos here combining scrypt and an hmac construction with aes: https://github.com/david415/tahoe-lafs/tree/2100.encrypt-aliases-file.0

though i think it's the wrong aes mode; shouldn't it be a stream cipher so that the input can be any length? you can see my unit tests fail because the plaintext length is not a multiple of 16. wtf.

comment:8 follow-up: Changed at 2015-12-10T20:42:24Z by dawuud

  • Owner changed from dawuud to daira

i added padding and the unit tests pass now.

it occurred to me that typing the passphrase every time an alias is used would get annoying. even more so with key stretching. does resolving this ticket require making an agent?

comment:9 in reply to: ↑ 6 Changed at 2015-12-14T22:14:45Z by daira

Replying to dawuud:

If we are going to encrypt the private aliases file shouldn't we also use a message authenticating code, perhaps an HMAC?

Yes, we should use authenticated encryption. Encrypt-then-HMAC is fine for that.

Version 0, edited at 2015-12-14T22:14:45Z by daira (next)

comment:10 in reply to: ↑ 8 Changed at 2015-12-14T22:15:16Z by daira

Replying to dawuud:

does resolving this ticket require making an agent?

No.

Note: See TracTickets for help on using tickets.