niksilver
commented
7 years ago I'm going to answer my own question here...
The advantage of changing the challenge and response each time is to prevent the response being captured and then replayed.
I guess the pros and cons of changing or not changing the challenge/response file depends on what you consider the greatest threat to be...
- If you think the response from the key can be captured, but not the XML file, then it's essential to change the challenge/response pair in the XML file.
- If you think the response can't be captured, but the XML file can be captured frequently, then changing the challenge/response pair in the XML will allow the attacker more chance of cracking the secret, but it will take some work.
- If you think the response can be captured, and the XML file can be captured once and restored to that version at some point in the future, then nothing well help you.
Please feel free to correct or close as you please. Thanks.
bartgenuit
This isn't really an issue, more a question for clarification...
As I understand it, whenever the database opens, KeeChallenges creates a new challenge and a new block of data which is the secret key encrypted with the expected response. Then it writes both of those into the updated XML file.
My question is: Why does it bother to do this?
I have found that using an earlier XML file with later version of the same database still allows me to open the database. So updating the XML file doesn't seem to add extra security. In fact, it might reduce security, because if an attacker collects several XML files - which all encrypt the same secret in different ways - they have more information about the encrypted secret and hence more leverage to attack it.
I realise I'm likely to be wrong. But I would welcome the explanation for the record.
(And in the unlikely event I'm right my reported issue would be a feature request: don't bother re-encrypting the secret each time, so as to increase security!)
Thanks for making the user-friendly KeeChallenge.