| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <44230FB3.4050706@katsokotisivuilta.ni> Date: Thu Mar 23 21:23:12 2006 From: seemyhomepage at katsokotisivuilta.ni (Markus Jansson) Subject: PasswordSafe 3.0 weak random number generator allows key recovery attack I wonder why havent anyone posted this one here yet?!? Concidering the fact that Password Safe is used to create and store users secure passphrases in one database, the compromise of this database could be horrible...therefore I see this attack/bug also as horrible. http://www.securityfocus.com/archive/1/428552/30/0/threaded "Title : PasswordSafe 3.0 weak random number generator allows key recovery attack Date : March 23, 2006 Product : PasswordSafe 3.0 Discovered by : ElcomSoft Co.Ltd. ... PasswordSafe 3.0 utilizes two different random number generator (RNG) functions: Win32 API RtlGenRandom() and standart Visual C++ rand(). RtlGenRandom() is not available on Windows prior to Windows XP (i.e. Windows 2000, Windows NT, Windows Me) so rand() is used instead. Specifically, rand() is used to generate 256-bit database encryption key. It is widely known that using rand() in cryptographic applications is not secure due to its predictbility and small internal state. ... It is possible to mount guaranteed decryption attack on PasswordSafe 3.0 databases created under OS prior to Windows XP. The attack is very simple: 1. Generate 256-bit key for every possible seed value 2. Decrypt first database record (the structure is documented, so we have known plaintext attack) 3) Check decrypted value against the known plaintext ... The total number of all possible seed values is limited by 2^32, so it is quite feasible. Our experiments show that the key can be recovered in less than 6 hours on the single PC (Pentium 4)." Can anyone confirm 1) Is version 2.xx also vulnerable (either on XP or other OS)? 2) Password Safe has ability to create secure passphrases, are they too insecure because PRNG is insecure in PSv3? 3) Is there a fix available? 4) Is there a more secure password manager solution available? ;) -- ???My computer security & privacy related homepage http://www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.
Powered by blists - more mailing lists