[guardian-dev] forensic analysis of WeChat's use of SQLCipher on Android

Hans-Christoph Steiner hans at guardianproject.info
Wed Jan 14 04:53:00 EST 2015


Yeah, that's a good idea.  So far, the main way we have been addressing this
issue is by making CacheWord as easy to use as possible. It's a complementary
library for managing AES256 keys like what SQLCipher uses.  But that of course
still relies on the user entering a password.

As for techniques for better managing a password without having the user enter
one, that I haven't looked deep into because I believe it is ultimately
futile.  If the user does not need to enter the password to unlock something,
neither will anyone else.

One minor improvement would be using a hardware security module (HSM) to
manage the password in this kind of setup.  As far as I understand how they
are implemented in smartphones, a forensic data acquisition would not be able
to get the keys out of the HSM.  So then the actual device would be required
in order to unlock the encryption.

.hc

Chris Kuethe:
> Would it be worth creating a security advice page? Something that clearly
> calls out certain risky behaviors, possibly with links to 3rd party
> write-ups like this one? Clearly not everyone who uses sqlcipher is a
> sophisticated developer. They know enough to not roll their own crypto, but
> why not give them some guidance on how to use it correctly?
> 
> "Don't hard code a key into your app."
> "Don't just use the IMEI of the device in your app."
> "Allow the user to lock the app/database with a password, and give them the
> option to flush it from memory when not in use."
> "Don't directly accept the user's password. Run it through a well-known
> KDF."
> "Don't use unsalted passwords/keys/hashes."
> "Don't use the time as the salt."
> 
> 
> On Tue, Jan 13, 2015 at 2:30 PM, Hans-Christoph Steiner <
> hans at guardianproject.info> wrote:
> 
>>
>> The big Chinese chat app WeChat uses SQLCipher-for-Android to store its
>> messages. But unfortunately, they just generate a password with local,
>> public info.  Here's a good example of how not to implement SQLCipher!
>>
>>
>> http://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database
>>
>> .hc
>>
>> --
>> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
>>
>>

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
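
Added example, not part of the original thread and not Guardian Project, CacheWord or SQLCipher code: a Python illustration of the key-handling advice quoted above (random salt, a well-known KDF over the user's password, and flushing the key on lock). PBKDF2-HMAC-SHA256, the iteration count, and the names `new_salt`, `derive_key`, `raw_key_pragma` and `Vault` are assumptions made for the example; the `x'...'` form is SQLCipher's raw-key syntax.

```python
import hashlib
import os

KDF_ITERATIONS = 200_000  # assumed work factor; tune for the target device
SALT_LEN = 16             # bytes of CSPRNG output, stored beside the database
KEY_LEN = 32              # 256-bit key, the AES-256 key size SQLCipher uses


def new_salt() -> bytes:
    """Per-database random salt: never the time, never a device identifier."""
    return os.urandom(SALT_LEN)


def derive_key(passphrase: str, salt: bytes) -> bytearray:
    """Stretch the user's passphrase with PBKDF2-HMAC-SHA256 (assumed KDF choice)."""
    if not passphrase or len(salt) < SALT_LEN:
        raise ValueError("need a non-empty passphrase and a full-length salt")
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, KDF_ITERATIONS, KEY_LEN)
    return bytearray(key)  # mutable copy so it can be overwritten on lock


def raw_key_pragma(key: bytes) -> str:
    """SQLCipher raw-key form: 64 hex digits inside x'...'."""
    return "PRAGMA key = \"x'" + bytes(key).hex().upper() + "'\";"


class Vault:
    """Hypothetical holder: the key exists in memory only while unlocked."""

    def __init__(self, salt: bytes):
        self.salt = salt
        self._key = None

    def unlock(self, passphrase: str) -> str:
        self.lock()
        self._key = derive_key(passphrase, self.salt)
        return raw_key_pragma(self._key)

    def lock(self) -> None:
        if self._key is not None:
            for i in range(len(self._key)):  # best-effort wipe; Python may
                self._key[i] = 0             # still hold immutable copies
            self._key = None

    @property
    def locked(self) -> bool:
        return self._key is None
```

The salt is not secret and is stored in the clear next to the database; only the passphrase has to come from the user each time the database is unlocked.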

