keepassxc/src/format
Jonathan White fff1b49f73 Prevent byte-by-byte and attachment inference side channel attacks
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and its parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 15:21:46 -05:00
BitwardenReader.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
BitwardenReader.h Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
CsvExporter.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
CsvExporter.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
CsvParser.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
CsvParser.h Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
Kdbx3Reader.cpp Improve KDBX error messages 2022-03-20 23:31:52 +01:00
Kdbx3Reader.h Refactor Database and Database widgets (#2491) 2018-11-22 11:47:31 +01:00
Kdbx3Writer.cpp Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
Kdbx3Writer.h Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
Kdbx4Reader.cpp Improve KDBX error messages 2022-03-20 23:31:52 +01:00
Kdbx4Reader.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
Kdbx4Writer.cpp Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 15:21:46 -05:00
Kdbx4Writer.h Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 15:21:46 -05:00
KdbxReader.cpp Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
KdbxReader.h Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
KdbxWriter.cpp Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
KdbxWriter.h Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
KdbxXmlReader.cpp Minor changes to Group API to make it more explicit 2024-03-09 15:21:46 -05:00
KdbxXmlReader.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
KdbxXmlWriter.cpp Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 15:21:46 -05:00
KdbxXmlWriter.h Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 15:21:46 -05:00
KeePass1.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
KeePass1Reader.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
KeePass1Reader.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
KeePass2.cpp Translate Cipher and KDF strings 2023-02-19 08:28:59 -08:00
KeePass2.h Translate Cipher and KDF strings 2023-02-19 08:28:59 -08:00
KeePass2RandomStream.cpp Replace all crypto libraries with Botan 2021-04-05 22:56:03 -04:00
KeePass2RandomStream.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
KeePass2Reader.cpp Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
KeePass2Reader.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
KeePass2Writer.cpp Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
KeePass2Writer.h Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
OpData01.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
OpData01.h Correct Translation Warnings 2019-10-20 20:39:21 -04:00
OPUXReader.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
OPUXReader.h Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
OpVaultReader.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
OpVaultReader.h Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
OpVaultReaderAttachments.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00
OpVaultReaderBandEntry.cpp Passkeys: Add support for importing Passkey to entry (#9987) 2024-01-30 18:26:45 -05:00
OpVaultReaderSections.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 15:21:46 -05:00