KWallet weaknesses (was: [PATCH] Make pinentry-qt read and store
passphrases in KDE 3.2's wallet)
Werner Koch
wk at gnupg.org
Thu Dec 4 16:19:53 CET 2003
On Thu, 4 Dec 2003 11:50:18 +0100, Ingo Klöcker said:
> BTW, AFAIK KWallet hasn't been audited by anyone (except George). Or has
> it?
I just browsed over it and figured some of the usual crypto beginner's
faults:
* No intialization vector used in CBC mode -> FATAL problem.
* Passphrase to key conversion is not one of the standards like
pkcs#5 or the OpenPGK S2K method. Instead a simple brute force
thing is tried by repeating the hashing the hash 2000 times. I
also found no salt!
* The protocol used is not decribed.
* The plaintext files seems to be filled with random during
initalization. I can't see a reason for this. This won't replace
an IV.
I may have not grasped everything in the code and thus I better
apologize in advance. Having said this, the bottom line is that using
Kwallet as it stands now seems to be a major security problem. It
might be wise to tell George to read Peter Gutmann's recent papers on
the deficiencies of various VPN protocols.
Werner
--
Werner Koch <wk at gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
More information about the Gpa-dev
mailing list