It's okay, we use AES!

I’ve been looking at password safe applications recently, to keep track of my growing number of accounts, both online and offline. And I’ve noticed something quite striking in all of them: none seems to find it necessary to explain exactly how they go about protecting my passwords. They all resort to what I’d call the crypto-defense: “The database uses AES for encryption, it’s safe!”

Everyone and their dog uses AES, why is it safe?

Secure because of AES? Not necessarily. As with many things, it’s not just what you have, it’s all about how you use it. I could write a password store that uses AES to encrypt all fields but the password, and say “It’s secure, it uses AES!” Of course this would be ridiculous, but it’s just an extreme demonstration of the core point: using a currently secure cipher doesn’t magically make your password store secure.

I looked around the sites of both Password Manager and KeePass for an overview of their datastore, and all I could find was “it’s encrypted, so it’s secure”, followed by dissertations on how to securely copy a password from the store into an application.

Am I the only one who would like an overview of how the database is structured? Is each password encrypted individually, or is the final binary blob of a database encrypted? When I access one password, is the entire database sitting decrypted in RAM, or just that entry? Is chaffing used so that an attacker is unable to infer password length by observing changes to the database’s size? Are codes used to detect, and maybe even correct, errors, so that an attacker flipping a bit can’t alter my passwords, or at the very least so that the alteration is detectable?

All these are questions that a password store should be answering in an “overview of the system” page, without forcing me to go down into the code to reverse engineer it all.
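Two of those questions, length hiding and tamper detection, as an added sketch that is not taken from Password Manager, KeePass or any other product. The function names and the 64-byte `BUCKET` are assumptions, and an HMAC-SHA256 keystream stands in for AES in counter mode so the code needs only the Python standard library.

```python
import hashlib
import hmac
import os

BUCKET = 64  # assumed record size; every entry is padded to a multiple of this


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for AES-CTR (assumption, stdlib only): HMAC-SHA256 as a PRF
    # over nonce || counter.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _pad(secret: bytes) -> bytes:
    # 2-byte length prefix, then zero fill up to the next BUCKET boundary,
    # so stored size reveals only the bucket count, not the password length.
    body = len(secret).to_bytes(2, "big") + secret
    return body + b"\x00" * (-len(body) % BUCKET)


def seal(enc_key: bytes, mac_key: bytes, secret: bytes) -> bytes:
    nonce = os.urandom(16)
    padded = _pad(secret)
    ct = bytes(a ^ b for a, b in zip(padded, _keystream(enc_key, nonce, len(padded))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("entry failed integrity check")
    padded = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    n = int.from_bytes(padded[:2], "big")
    return padded[2 : 2 + n]


def flip_bit(blob: bytes, index: int) -> bytes:
    # Simulates corruption or tampering of one bit in the stored record.
    return blob[:index] + bytes([blob[index] ^ 0x01]) + blob[index + 1 :]
```

Without the tag check, the flipped bit would pass straight through the XOR and silently change one bit of the recovered entry, which is exactly the case a cipher name alone says nothing about.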

Consequently, I’m still on the lookout for a good cross-platform password store. Ideally, all security-critical code would be constrained to a small portable library, both for auditability and to ease the creation of varied UIs. If I can read the whole source of the core “database” layer (i.e. no GUI) in one afternoon and convince myself that it is secure enough for me, I will feel much less bothered at the idea of using your software. Please don’t force me to make a leap of faith with password storage.