[guardian-dev] interesting review of keepassx

Abel Luck abel at guardianproject.info
Fri Jan 11 08:19:23 EST 2013

from tails-dev

-------- Original Message --------
Subject: Re: [Tails-dev] Please review & merge
Date: Wed, 9 Jan 2013 17:21:35 -0800
From: Robert Ransom <rransom.8774 at gmail.com>
Reply-To: The Tails public development discussion list <tails-dev at boum.org>
To: The Tails public development discussion list <tails-dev at boum.org>

On 1/9/13, intrigeri <intrigeri at boum.org> wrote:
> Hi,
> please review & merge feature/install-password-manager.
> ticket: todo/install_password_manager
> candidate for 0.17

Some issues in keepassx 0.4.3-1ubuntu3 (according to the changelogs,
nothing I'm pointing out is fixed in Debian's 0.4.3-2):

* The icons in share/keepassx/icons/ appear to be from the Oxygen
theme, and appear to be missing both their copyright and license
information (Oxygen is LGPL) and their preferred form for modification
(especially clientic.png).

* src/lib/random.cpp will use fake entropy produced by a
non-cryptographic PRNG with a 32-bit seed if it fails to open or read
from /dev/urandom.

* src/dialogs/CollectEntropyDlg.cpp records the (low-entropy) sequence
of keys pressed by the user, and discards the keystroke event timings
which contain most of the entropy.

* It uses the Gladman implementation of AES, which makes no attempt to
resist timing side-channel attacks.  (It also supports using Twofish
to encrypt password databases; Twofish cannot be implemented
efficiently without side-channel leaks.)

* It also includes an RC4 implementation (RC4 also cannot be
implemented efficiently without side-channel leaks), and uses a single
global RC4 key to ‘encrypt’ multiple strings in memory (see
src/lib/SecString.[hc]) by XORing each of them with (part of) the same
sequence of keystream bytes.

The cryptography used on disk should be adequate, aside from the
side-channel leaks and the fake RNGs.  (It encrypts the whole file
using a block cipher in CBC mode with a random IV and mediocre
integrity protection.)

The other password managers you've considered are probably at least as
bad as this one.

Robert Ransom
tails-dev mailing list
tails-dev at boum.org

More information about the Guardian-dev mailing list