Arctosoft / Valv-Android

An encrypted gallery vault for Android
GNU General Public License v3.0

[BUG] - Enter wrong password shows the encrypted folders (name) #45

Open ricassiocosta opened 9 months ago

ricassiocosta commented 9 months ago

Describe the bug

If I create a folder using a legitimate password, store some files there, close the vault and try to open the vault using a wrong password, although the encrypted files are not accessible, the names of the folders and their location are displayed. This can potentially expose sensitive information, like if the user uses category naming for folders.

To Reproduce

Steps to reproduce the behavior:

  1. Go to the Valv login page and log in using some password (let's call this password1)
  2. Click on add folder and create a new folder
  3. Click on Import files and select some file to import
  4. Click on the lock icon
  5. Log in again using a different password (password2)
  6. Note that the previously created folder is displayed, although the encrypted files are not accessible.

Expected behavior

Neither the encrypted files nor the created folders should be visible if I log in with a different password.

Smartphone (please complete the following information):

ricassiocosta commented 9 months ago

An additional comment regarding this issue is that the encrypted files show the extension of the original file in their names... This seems to be a security issue to me. This could potentially lead to extortion.

hej2010 commented 9 months ago

The problem with hiding the folders that contain files encrypted using a different key is that you need to store a relation between the encryption key and those folders (e.g. the hash of the password/key together with the folder path). If you move around files or move files between devices the app won't know that and it can e.g. hide folders that should not be hidden and the other way around.

The encrypted file extension is added automatically by Android but I can try to make an update that removes it

ricassiocosta commented 9 months ago

> The problem with hiding the folders that contain files encrypted using a different key is that you need to store a relation between the encryption key and those folders (e.g. the hash of the password/key together with the folder path). If you move around files or move files between devices the app won't know that and it can e.g. hide folders that should not be hidden and the other way around.
>
> The encrypted file extension is added automatically by Android but I can try to make an update that removes it

I think this could be solved by showing only the files that the informed key can decrypt. If a folder has no file that can be decrypted by using the informed key, the folder should be hidden from the viewer. This would avoid someone adding different files using different keys in the same folder, for example. Another issue that I have noticed is that, in this same scenario where someone adds different files using different keys in the same folder, the file counter shows the total number of files inside that folder...

hej2010 commented 9 months ago

Yes, but that would require trying to decrypt every file in the folder; it will be very slow if you have a lot of files.

ricassiocosta commented 9 months ago

Maybe you can create kind of a "header file" in each folder. A file that would be used to verify if a given key can decrypt that folder. Yes, this would be a new "business requirement" that would enforce each folder to have a specific key to encrypt/decrypt the whole content. If I'm not wrong, TrueCrypt uses a similar strategy to verify if a given key is valid to decrypt a container or not.
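
The per-folder "header file" idea from the last comment, sketched as an added Python example (not Valv's code and not written by anyone in this thread): each folder carries a small file holding a salt and a password-derived tag, so the app needs one key derivation per folder to decide whether to list it, and the check moves with the folder instead of depending on a stored path. The file name `.keycheck`, the byte layout and the PBKDF2 parameters are assumptions.

```python
import hashlib, hmac, os, struct, tempfile
from pathlib import Path

HEADER = ".keycheck"         # hypothetical header file name (assumption)
MAGIC = b"KCHK1"
ITERATIONS = 200_000         # assumed PBKDF2 cost; tune for the target device
MAX_ITERATIONS = 2_000_000   # refuse absurd values from a tampered header
LABEL = b"folder-key-check"  # keeps this tag separate from any file-encryption use

def _tag(password: str, salt: bytes, iterations: int) -> bytes:
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.new(key, LABEL, hashlib.sha256).digest()

def write_header(folder: Path, password: str) -> None:
    """Create the per-folder header: magic | iterations | salt | tag."""
    salt = os.urandom(16)
    blob = MAGIC + struct.pack(">I", ITERATIONS) + salt + _tag(password, salt, ITERATIONS)
    (folder / HEADER).write_bytes(blob)

def can_open(folder: Path, password: str) -> bool:
    """One KDF run per folder instead of one decryption attempt per file."""
    try:
        raw = (folder / HEADER).read_bytes()
    except OSError:
        return False                      # no header: folder is not listed
    if len(raw) != 57 or raw[:5] != MAGIC:
        return False
    iterations = struct.unpack(">I", raw[5:9])[0]
    if not 1 <= iterations <= MAX_ITERATIONS:
        return False
    return hmac.compare_digest(raw[25:], _tag(password, raw[9:25], iterations))

def visible_folders(root: Path, password: str) -> list[str]:
    return sorted(d.name for d in root.iterdir() if d.is_dir() and can_open(d, password))

def demo() -> dict:
    """Constructed sample: two passwords, three folders, one folder moved."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, pw in [("holiday", "password1"), ("taxes", "password1"), ("private", "password2")]:
            (root / name).mkdir()
            write_header(root / name, pw)
        (root / "taxes").rename(root / "moved")   # header travels with the folder
        return {pw: visible_folders(root, pw) for pw in ("password1", "password2", "wrong")}

if __name__ == "__main__":
    print(demo())
```

Folder names still sit in plaintext on the filesystem; the header only decides what the app lists. Like any encrypted file, the header can be used to test password guesses offline, which is why the derivation is deliberately slow.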