search

Jermolene / TiddlyWiki5

A self-contained JavaScript wiki for the browser, Node.js, AWS Lambda etc.
https://tiddlywiki.com/
Other
7.78k stars 1.16k forks source link

[IDEA] Set the default encryption to AES 256 - currently it is 128 #8248

Open pmario opened 2 weeks ago

pmario commented 2 weeks ago

Due to the improvement of device capabilities it is proposed to set the default encryption strength for the AES encryption we use from 128 bit to 256 bit.

There has been a discussion at Talk: https://talk.tiddlywiki.org/t/query-how-secure-is-the-inbuilt-encryption-option-in-tw/5185/16 where I did find out that user cannot change that default.

IMO it's OK to have a hardcoded default, with the current core implementation. It avoids miss-configurations. -- But I think we should have stronger defaults now.

IMO AES-128 was OK, when the library was created, but now with the rise of quantum computers we should change it to AES 256 bit.

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Quantum_attacks

Quantum attacks

AES-256 is considered to be quantum resistant, as it has similar quantum resistance to AES-128's resistance against traditional, non-quantum, attacks at 128 bits of security. AES-192 and AES-128 are not considered quantum resistant due to their smaller key sizes. AES-192 has a strength of 96 bits against quantum attacks and AES-128 has 64 bits of strength against quantum attacks, making them both insecure.

@Jermolene -- What do you think? -- The change is simple.

ericshulman commented 2 weeks ago

Changing the default TWCore encryption strength from AES-128 to AES-256 will immediately prevent decryption of any existing tiddler data that was previously encrypted using AES-128. This TWCore change MUST be configurable to allow decryption of existing tiddler data.

Upgrading to AES-256 would then be a sequence:

  1. load a TW containing AES-128 encrypted tiddlers
  2. decrypt all encrypted tiddler data
  3. set system encryption strength (e.g., $:/config/EncryptionStrength) to 256
  4. re-encrypt tiddler data and save TW with stronger encryption
pmario commented 2 weeks ago

will immediately prevent decryption of any existing tiddler data that was previously encrypted using AES-128.

That's not true, since the decrypt function is not changed by the PR. I did download TW 5.1.0-empty and I did encrypt it.

Then I did import it into TW v5.3.3 at TW-com - Everything works just fine. The decrypt info is stored with the encrypted data and the library decrypt function use it from there.

image

pmario commented 2 weeks ago

As you can see in the screenshot the PW iteration parameter with TW v5.1.0 was 1000 -- With TW v5.3.3 it is 10000 -- So with Eric's theory an encrypted v5.1.0 file could not be imported into v5.3.3 -- But it is possible, because the library uses the parameters defined with the encrypted data

pmario commented 2 weeks ago

The encrypted v5.1.0 file can also be decrypted by v5.3.4-pre at: https://tiddlywiki5-git-fork-pmario-sjcl-new-74649a-jermolenes-projects.vercel.app/