From 54fb0d9bd331d6f5567360e772a4e1b44587a75b Mon Sep 17 00:00:00 2001
From: Janek Bevendorff
Date: Sat, 6 Jan 2018 16:59:41 +0100
Subject: [PATCH] Show warning when using inappropriate transform round number

Increase default AES-KDF rounds to 100k
---
 src/crypto/kdf/Kdf.h | 2 +-
 src/gui/DatabaseSettingsWidget.cpp | 36 +++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/crypto/kdf/Kdf.h b/src/crypto/kdf/Kdf.h
index e45d23bcd..216224a6f 100644
--- a/src/crypto/kdf/Kdf.h
+++ b/src/crypto/kdf/Kdf.h
@@ -23,7 +23,7 @@
 #include "core/Uuid.h"
 #define KDF_DEFAULT_SEED_SIZE 32
-#define KDF_DEFAULT_ROUNDS 100000ull
+#define KDF_DEFAULT_ROUNDS 1000000ull
 class Kdf
 {
diff --git a/src/gui/DatabaseSettingsWidget.cpp b/src/gui/DatabaseSettingsWidget.cpp
index 9335b0ab8..0c2eba796 100644
--- a/src/gui/DatabaseSettingsWidget.cpp
+++ b/src/gui/DatabaseSettingsWidget.cpp
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2018 KeePassXC Team
 * Copyright (C) 2012 Felix Geyer
 *
 * This program is free software: you can redistribute it and/or modify
@@ -21,6 +22,7 @@
 #include "ui_DatabaseSettingsWidgetEncryption.h"
 #include
+#include
 #include "core/Global.h"
 #include "core/FilePath.h"
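Review bot: The new value `1000000ull` contradicts the commit message, which says the AES-KDF default is raised "to 100k" — the removed line was already 100000, so either the message or the constant is wrong and one of them needs correcting. The new default is also ten times the `< 100000` floor that the AES-KDF warning added to DatabaseSettingsWidget::save() in this same commit uses; that margin is reasonable but should be stated next to the constant, e.g. `// default for new AES-KDF databases; DatabaseSettingsWidget::save() warns below 100000`. If Argon2Kdf also initialises its round count from KDF_DEFAULT_ROUNDS (not visible here), a freshly created Argon2 database would immediately trip the `> 1000` Argon2 warning from the same commit — worth confirming before merging. A fixed default also ages with hardware; since `transformRoundsBenchmark()` exists in the widget, seeding new databases from the benchmark rather than this macro would keep the default meaningful over time.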
@@ -130,6 +132,36 @@ void DatabaseSettingsWidget::load(Database* db)
 void DatabaseSettingsWidget::save()
 {
+ // first perform safety check for KDF rounds
+ auto kdf = KeePass2::uuidToKdf(Uuid(m_uiEncryption->kdfComboBox->currentData().toByteArray()));
+ if (kdf->uuid() == KeePass2::KDF_ARGON2 and m_uiEncryption->transformRoundsSpinBox->value() > 1000) {
+ QMessageBox warning;
+ warning.setIcon(QMessageBox::Warning);
+ warning.setWindowTitle(tr("Number of rounds too high"));
+ warning.setText(tr("You are using a very high number of key transform rounds with Argon2.\n\n" "If you keep this number, your database may take hours or days (or even longer) to open!"));
+ auto ok = warning.addButton(tr("Understood, keep number"), QMessageBox::ButtonRole::AcceptRole);
+ auto cancel = warning.addButton(tr("Cancel"), QMessageBox::ButtonRole::RejectRole);
+ warning.setDefaultButton(cancel);
+ warning.exec();
+ if (warning.clickedButton() != ok) {
+ return;
+ }
+ } else if (kdf->uuid() == KeePass2::KDF_AES and m_uiEncryption->transformRoundsSpinBox->value() < 100000) {
+ QMessageBox warning;
+ warning.setIcon(QMessageBox::Warning);
+ warning.setWindowTitle(tr("Number of rounds too low"));
+ warning.setText(tr("You are using a very low number of key transform rounds with AES-KDF.\n\n" "If you keep this number, your database may be too easy to crack!"));
+ auto ok = warning.addButton(tr("Understood, keep number"), QMessageBox::ButtonRole::AcceptRole);
+ auto cancel = warning.addButton(tr("Cancel"), QMessageBox::ButtonRole::RejectRole);
+ warning.setDefaultButton(cancel);
+ warning.exec();
+ if (warning.clickedButton() != ok) {
+ return;
+ }
+ }
+
 Metadata* meta = m_db->metadata();
 meta->setName(m_uiGeneral->dbNameEdit->text());
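Review bot: The two confirmation dialogs in the new safety check are the same twelve lines with different strings, and both build `QMessageBox warning;` without a parent, so the dialog is not modal to the settings widget; fold them into one helper that takes the parent, title and text and returns whether the user chose to keep the value. The conditions use the alternative token `and`; the rest of the visible file uses symbolic operators, and `and` needs `<ciso646>` or `/permissive-` on MSVC, so `&&` is the safer spelling. The Argon2 test also looks at rounds alone although Argon2's cost scales with the memory parameter saved a few lines later, so the `> 1000` threshold is only a rough proxy and deserves a comment saying so. The rest of save() continues outside the hunk.

```cpp
// Ask the user to confirm an unusual round count; returns true if they chose to keep it.
static bool confirmKdfRounds(QWidget* parent, const QString& title, const QString& text)
{
    QMessageBox warning(parent);
    warning.setIcon(QMessageBox::Warning);
    warning.setWindowTitle(title);
    warning.setText(text);
    auto ok = warning.addButton(DatabaseSettingsWidget::tr("Understood, keep number"), QMessageBox::ButtonRole::AcceptRole);
    auto cancel = warning.addButton(DatabaseSettingsWidget::tr("Cancel"), QMessageBox::ButtonRole::RejectRole);
    warning.setDefaultButton(cancel); // Enter/Esc back out rather than confirm
    warning.exec();
    return warning.clickedButton() == ok;
}

void DatabaseSettingsWidget::save()
{
    // first perform safety check for KDF rounds
    auto kdf = KeePass2::uuidToKdf(Uuid(m_uiEncryption->kdfComboBox->currentData().toByteArray()));
    const auto rounds = m_uiEncryption->transformRoundsSpinBox->value();
    // Argon2 cost also depends on the memory parameter; 1000 rounds is only a rough "this will take ages" proxy.
    if (kdf->uuid() == KeePass2::KDF_ARGON2 && rounds > 1000
        && !confirmKdfRounds(this, tr("Number of rounds too high"),
                             tr("You are using a very high number of key transform rounds with Argon2.\n\n"
                                "If you keep this number, your database may take hours or days (or even longer) to open!"))) {
        return;
    }
    if (kdf->uuid() == KeePass2::KDF_AES && rounds < 100000
        && !confirmKdfRounds(this, tr("Number of rounds too low"),
                             tr("You are using a very low number of key transform rounds with AES-KDF.\n\n"
                                "If you keep this number, your database may be too easy to crack!"))) {
        return;
    }
    // … unchanged: metadata and KDF parameter saving …
```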
@@ -169,7 +201,6 @@ void DatabaseSettingsWidget::save()
 m_db->setCipher(Uuid(m_uiEncryption->algorithmComboBox->currentData().toByteArray()));
 // Save kdf parameters
- auto kdf = KeePass2::uuidToKdf(Uuid(m_uiEncryption->kdfComboBox->currentData().toByteArray()));
 kdf->setRounds(m_uiEncryption->transformRoundsSpinBox->value());
 if (kdf->uuid() == KeePass2::KDF_ARGON2) {
 auto argon2Kdf = kdf.staticCast();
@@ -188,6 +219,7 @@ void DatabaseSettingsWidget::save()
 tr("Failed to transform key with new KDF parameters; KDF unchanged."), QMessageBox::Ok);
 }
+
 emit editFinished(true);
 }
@@ -244,4 +276,6 @@ void DatabaseSettingsWidget::kdfChanged(int index)
 bool parallelismEnabled = id == KeePass2::KDF_ARGON2;
 m_uiEncryption->parallelismLabel->setEnabled(parallelismEnabled);
 m_uiEncryption->parallelismSpinBox->setEnabled(parallelismEnabled);
+
+ transformRoundsBenchmark();
 }
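Review bot: Calling `transformRoundsBenchmark()` unconditionally at the end of kdfChanged() discards whatever the user had typed into the rounds spin box every time the KDF combo box changes, and if this slot also fires while load() populates the combo box (outside this hunk, so I cannot tell) it would silently replace the database's stored round count with a benchmark result before the user has touched anything. Either block signals around the combo box update in load() or guard the call here, and say why it exists: `// the previous KDF's round count is meaningless for the new algorithm, so re-benchmark`. kdfChanged() starts outside the hunk.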