Pass-the-Hash Attack

[alexandre-lavoie]

Stumbled onto your project today, great idea and overall great execution! I am probably late on this, there has not been much activity therefore I assume it is not actively maintained. Wanted to raise this in case anyone is actively using this.

There is a Pass-the-Hash Attack in the encryption algorithm. This is due to encrypting passwords with the master_password_hash as a key. This approach essentially makes master_password_hash the master password for the DB. This is an issue because master_password_hash can be read by anyone that can get access to master_password.py. In this case, even if it seems to go against security principles, the raw master_password + 2FA should be used because those are the values that only the user knows.

[collinsmc23]

Hi Alexandre,

Thank you for bringing this security issue to my attention, this makes sense to me. Out of curiosity, even with the mater-password using a key derivation function such as the PBKDF2 algorithm would still create the issue of pass the hash? Since the encryption key is being derived from a secret.

Thanks!

[alexandre-lavoie]

If I understand correctly, your key derivation is the following:

key = PBKDF2(str(master_password_hash), salt).read(32)

We can read master_password_hash and salt, therefore we can get the value of the key (PBKDF2 should generate a working AES key if we provide the same valid input). If I use the decryption algorithm directly, I will be able to decrypt the password without ever knowing the actual master password (that is, if I can leak the master_password_hash).

[alexandre-lavoie]

I made a PoC using the decryption algorithm in hopes it can clarify! I can open a PR if you'd like to see the fix I would apply!

[alexandre-lavoie]

Note: I just realised why you are using the PBKDF2 derivation. If you are trying to increase the computer power to crack the master password, it is a good approach. You would have to use an input that cannot be obtained by the attacker to be safe.

[collinsmc23]

Thank you. You are right, I am using PBKDF2 as my means of hashing. You can open up a PR if you would like to and I can merge. Thanks for taking the time to review this, lesson learned!

[Fretless14]

I made a PoC using the decryption algorithm in hopes it can clarify! I can open a PR if you'd like to see the fix I would apply!

Hi Alexandre, I'd like to see the fix you would apply if you have the time! Thanks and best!

[alexandre-lavoie]

I got carried away and did a whole refactor in my fork: https://github.com/alexandre-lavoie/python-sql-password-manager. I won't PR unless if there is interest. I prevented this attack using the master key directly (as I described above). I also don't store the master key in any form - I just check if a decryption of a known value is valid to validate the master key. You can have a look at the Password module in password.py. There's probably a security hole I'm not considering (as usual when it comes to crypto-related projects), but it should theoretically be safe.

[Fretless14]

I got carried away and did a whole refactor in my fork: https://github.com/alexandre-lavoie/python-sql-password-manager. I won't PR unless if there is interest. I prevented this attack using the master key directly (as I described above). I also don't store the master key in any form - I just check if a decryption of a known value is valid to validate the master key. You can have a look at the Password module in password.py. There's probably a security hole I'm not considering (as usual when it comes to crypto-related projects), but it should theoretically be safe.

do you mind enabling Issues? I've got a quick question!

[collinsGTR]

Issues are opened here if that's what you wondering