Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-07-22 22:40:55 -04:00
Code Issues Projects Releases Packages Wiki Activity

Prevent duplicate entries in passphrase wordlists

Browse source 
Replace a QVector for the wordlist with a QSet. This removes all duplicate entries in a given wordlist.
Thus, it hinders a malicious wordlist that has the proper length (>4000 entries) but with repetitions (effectively << 4000 entries) to be used and potentially create weaker passphrases than estimated.

Example:
List with 4000 items but only 64 unique words would lead to only 48 bit of Entropy instead of ~95 bit!
This commit is contained in:
Jonathan White 2024-09-13 22:48:16 -04:00
parent 0ae88131f6
commit ad9ef88e15
No known key found for this signature in database
GPG key ID: 440FC65F2E0C6E01
8 changed files with 48 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

16
tests/TestPassphraseGenerator.cpp
View file

@ -16,6 +16,7 @@
*/
#include "TestPassphraseGenerator.h"
#include "config-keepassx-tests.h"
#include "core/PassphraseGenerator.h"
#include "crypto/Crypto.h"
@ -52,3 +53,18 @@ void TestPassphraseGenerator::testWordCase()
QRegularExpression regex("^(?:[A-Z][a-z-]* )*[A-Z][a-z-]*$");
QVERIFY2(regex.match(passphrase).hasMatch(), qPrintable(passphrase));
}
void TestPassphraseGenerator::testUniqueEntriesInWordlist()
{
PassphraseGenerator generator;
// set the limit down, so we don;t have to do a very large file
generator.m_minimum_wordlist_length = 4;
// link to bad wordlist
QString path = QString(KEEPASSX_TEST_DATA_DIR).append("/wordlists/bad_wordlist_with_duplicate_entries.wordlist");
// setting will work, it creates the warning however, and isValid will fail
generator.setWordList(path);
// so this fails
QVERIFY(!generator.isValid());
}