Security Issues

[yannleretaille]

As posted on ProductHunt:

Hey @Drimiteros, from a cursory glance:

• You are not using a password derivation function on the user-provided password/key. There is some weird shuffling going on in the "grade" function, but that is very predictable, and I wouldn't even call it a "weak" password derivation function.
• You are using AES CBC mode with a fixed, never changing, null-byte IV. Apart from the fact that CBC is no ideal for this kind of application, you have to use a unique, random IV for every ciphertext and never re-use it. CBC also lacks authentication.
• Less critical, but bad practice: You are using rand() to generate random passwords. The c/c++ standard does not give any guarantees for the rand() function that would make it suitable for anything secure/related to cryptographic operations. You also seed it with srand(time(0)), which means that the output of the password generator is predictable.
• Lastly, you leaked your own loginInfo.txt, which given the weak password derivation could potentially allow someone to recover your password.

Unfortunately, this is all very bad. While I generally encourage others to get into cryptography and security and to not be afraid to play around with it, publishing and advertising this project like this seems at least somewhat irresponsible.

I highly encourage you to read up on:

• AES cipher modes, including modern ones with authentication (e.g., AES-GCM).
• What IVs actually do and why they need to be unique and random for each encryption operation.
• Password derivation functions (e.g., PBKDF2, bcrypt, or Argon2) to securely derive cryptographic keys from passwords.
• Cryptographically secure random number generators (CSPRNGs)
• How other password managers handle encryption, key management, etc. You might also want to look at key wrapping techniques.

I would also recommend adding a proper disclaimer on top the GH project highlighting that this is a toy project and currently not suitable for real-world use.

I hope this message does not sound to discouraging and I that you'll keep going at it - everyone has to start somewhere!

[Drimiteros]

Hey there, @yannleretaille!

Thanks for the feedback! There are indeed some security flaws in the code, as I mentioned in the launch post. Some of these flaws are due to temporary code I wrote early on to test things I was learning, but many of them are already on my radar, and a lot of the code is subject to change.

Here are some fixes I have in mind for the issues you mentioned. Let me know what you think:

• The whole "grade" system was actually the first thing I guessed people would judge 😂. I know it’s so weak to the point of being almost pointless. I’m planning to switch to hashing the password as soon as I figure out how to implement a strong hashing algorithm.
• The fixed null-byte IV was just a temporary shortcut to test if the encryption and decryption were working, since I initially, falsely assumed AES-CBC would be a good enough choice for an offline home use PM. I’m currently researching which AES mode best suits this type of application.
• Using rand() with srand(time(0)) didn’t initially strike me as flawed for password generation. I thought the risk of an attacker guessing the time was unlikely. Since you pointed it out, though, I’m considering using random_device to access the Windows Cryptography API for a secure seed (since the app isn’t cross-platform). I could also look into CPU-specific libraries for random number generation, but that seems less convenient.
• And yes, this is just a test password :P

I launched the app in this state mainly because I wanted feedback and motivation to keep working on it. I understand that this might seem a bit irresponsible given its state, but I thought disclosing the flaws in the launch description and open-sourcing the app would make up for it 🫤.

If you’re interested, feel free to improve any parts of the code you find lacking in security or code structure and submit your changes! Or, you can keep an eye on the updates I make to ensure they’re optimal!

Anyway, thanks a lot for your comment. I’ll do my best to deliver!