KWallet weaknesses (fwd)
Martijn Klingens
martijn at martijn.homeip.net
Fri Dec 5 10:41:39 GMT 2003
I wanted to send this to security at kde.org and George in private, but as
Ingo escalated the other mail to core-devel I'd better send this one there
too.
--
Martijn
---------- Forwarded message ----------
Date: Thu, 04 Dec 2003 20:34:03 +0100
From: Werner Koch <wk at gnupg.org>
To: Martijn Klingens <klingens at kde.org>
Subject: Re: KWallet weaknesses
On Thu, 4 Dec 2003 19:26:38 +0100, Martijn Klingens said:
> Could you send this to security at kde.org and to George Staikos
> <staikos at kde.org> (in perhaps slightly more polite wording :) ?
Please forward it yourself, it has been posted to a public list.
Frankly I revised my wording right before sending to be more polite.
> See also
> http://www.staikos.net/~staikos/presentations/August2003/kwallet/html/slide_1.html
> for more info on the wallet btw.
Interesting. I have misread something, apparently the first block is
used as an IV which should work. However the design is not
straightforward and the use of the encrypted SHA1 hash for integrity
protection has a couple of problems when not done properly.
The "quick recognition of format revisons" feature has the
disadvantage of rollback attacks.
The random number generator use is questionable (if /dev/urandom
fails, use /dev/random (even with a comment to fix the blocking
issue).
I'd strongly suggest to use a standard protocol for encrypting this.
Either CMS which is really hard to implement or OpenPGP which is
pretty easy and the code can be sucked from other implementations.
Feel free to forward this to George or any list. And well, please
mentally wipe out the "crypto beginner's fault" remark. I read too
many crypto papers over the last weeks where homemade protocol design
was harshly criticized.
Werner
--
Werner Koch <wk at gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
More information about the kde-core-devel
mailing list