keepassxc/src/core
Jonathan White 72fc00695c Prevent byte-by-byte and attachment inference side channel attacks
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and its parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 12:39:00 -05:00
Alloc.cpp clang-tidy: C++ headers 2022-05-01 16:01:46 -04:00
AsyncTask.h Fix Botan 3 build (#9388) 2023-05-07 08:48:58 -04:00
AutoTypeAssociations.cpp Properly block modified signal during Database destruction (#6438) 2021-05-27 21:50:15 -04:00
AutoTypeAssociations.h Properly block modified signal during Database destruction (#6438) 2021-05-27 21:50:15 -04:00
Base32.cpp clang-tidy: use braced init list (#7998) 2023-01-29 10:05:44 -05:00
Base32.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
Bootstrap.cpp Set test locale to C 2024-03-08 10:55:22 -05:00
Bootstrap.h Set test locale to C 2024-03-08 10:55:22 -05:00
Clock.cpp clang-tidy: use = default (#7999) 2023-01-29 15:47:13 -05:00
Clock.h Correct issues with hiding and minimizing the MainWindow 2020-02-27 23:25:44 -05:00
Compare.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
Config.cpp Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
Config.h Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
CustomData.cpp Fix syntax issue & add a missing header (#7160) 2021-11-24 22:36:31 -05:00
CustomData.h Implement KDBX 4.1 CustomData modification date 2021-11-22 12:58:04 +01:00
Database.cpp Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 12:39:00 -05:00
Database.h Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
DatabaseStats.cpp Add db statistic output to CLI db-info command. 2021-12-08 23:41:05 -05:00
DatabaseStats.h Add db statistic output to CLI db-info command. 2021-12-08 23:41:05 -05:00
Endian.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
Entry.cpp Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
Entry.h Passkeys: Add support for importing Passkey to entry (#9987) 2023-11-22 23:11:25 -05:00
EntryAttachments.cpp Upstream Flathub patches (#7728) 2022-04-04 19:04:18 -04:00
EntryAttachments.h clang-tidy: use override 2022-05-01 16:01:31 -04:00
EntryAttributes.cpp Passkeys: Add support for importing Passkey to entry (#9987) 2023-11-22 23:11:25 -05:00
EntryAttributes.h Passkeys: Add support for importing Passkey to entry (#9987) 2023-11-22 23:11:25 -05:00
EntrySearcher.cpp Fix potential crash in search if an entry doesn't have a group (#9633) 2023-07-19 16:11:59 -04:00
EntrySearcher.h Add uuid search (#9571) 2023-07-04 07:24:10 -04:00
FileWatcher.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
FileWatcher.h Fix various issues with KeeShare 2020-05-10 17:23:53 -04:00
Global.h Removing QWidget dependency from src/core. 2021-11-12 07:41:30 -05:00
Group.cpp Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
Group.h Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
HibpDownloader.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
HibpDownloader.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
HibpOffline.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
HibpOffline.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
InactivityTimer.cpp Restore correct formatting 2018-11-28 18:29:15 -05:00
InactivityTimer.h clang-tidy: use override 2022-05-01 16:01:31 -04:00
MacPasteboard.cpp Formatting the code. 2018-03-31 16:01:30 -04:00
MacPasteboard.h Overhaul Auto-Type Action Handling 2021-02-21 16:33:54 -05:00
Merger.cpp Fix database merge crash when fdosecrets is enabled (#10136) 2024-01-02 07:17:25 -05:00
Merger.h Fix database merge crash when fdosecrets is enabled (#10136) 2024-01-02 07:17:25 -05:00
Metadata.cpp Fix minor typos (#10124) 2023-12-22 15:12:07 -05:00
Metadata.h Add auto-save delay per database (#9100) 2023-07-08 08:49:03 -04:00
ModifiableObject.cpp Properly block modified signal during Database destruction (#6438) 2021-05-27 21:50:15 -04:00
ModifiableObject.h Properly block modified signal during Database destruction (#6438) 2021-05-27 21:50:15 -04:00
NetworkManager.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
NetworkManager.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
PassphraseGenerator.cpp clang-tidy: use braced init list (#7998) 2023-01-29 10:05:44 -05:00
PassphraseGenerator.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
PasswordGenerator.cpp Prevent duplicate characters in "Also choose from" field of password generator (#9803) 2024-01-06 16:54:30 -05:00
PasswordGenerator.h Add -i/--include option to "generate" CLI command. (#7112) 2021-12-07 23:40:09 -05:00
PasswordHealth.cpp Increase entropy required for a "good" rating to 75. 2022-10-02 14:37:51 -04:00
PasswordHealth.h Limit zxcvbn entropy estimation length 2022-05-30 10:46:39 -04:00
Resources.cpp Support for wordlists in user configuration directory (#6799) 2021-11-04 23:02:33 -04:00
Resources.h Support for wordlists in user configuration directory (#6799) 2021-11-04 23:02:33 -04:00
SignalMultiplexer.cpp clang-tidy: use = default (#7999) 2023-01-29 15:47:13 -05:00
SignalMultiplexer.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
TimeDelta.cpp clang-tidy: use braced init list (#7998) 2023-01-29 10:05:44 -05:00
TimeDelta.h Add 12 hours expiration preset (#7738) 2022-03-31 07:02:28 -04:00
TimeInfo.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TimeInfo.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
Tools.cpp Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
Tools.h Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
Totp.cpp Fix multiple TOTP issues 2024-01-06 15:17:13 -05:00
Totp.h Fix multiple TOTP issues 2024-01-06 15:17:13 -05:00
Translator.cpp Set test locale to C 2024-03-08 10:55:22 -05:00
Translator.h Set test locale to C 2024-03-08 10:55:22 -05:00
UrlTools.cpp Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
UrlTools.h Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00