search

credentials / irma_keyshare_server

IRMA keyshare server
BSD 3-Clause "New" or "Revised" License
0 stars 4 forks source link

Pins and passwords stored in the clear? #8

Closed mmzeeman closed 6 years ago

mmzeeman commented 6 years ago

Why are passwords and pins stored in the clear?

Password verification

https://github.com/privacybydesign/irma_keyshare_server/blob/31aa7286a73c20edcf6fb453050d8d50b86989bd/src/main/java/org/irmacard/keyshare/web/Users/User.java#L76

Pin verification

https://github.com/privacybydesign/irma_keyshare_server/blob/31aa7286a73c20edcf6fb453050d8d50b86989bd/src/main/java/org/irmacard/keyshare/web/Users/User.java#L147

sietseringers commented 6 years ago

Neither of them are: the PIN is (perhaps contrary to its name in the source) already salted by the IRMA app as H(salt | pin) before it arrives at the keyshare server, so what we store and handle in source is not cleartext, and the password is an unused legacy thing. (The method containing line 76 is nowhere used.)

mmzeeman commented 6 years ago

Here?

https://github.com/privacybydesign/irmago/blob/c39104ea139b5e4f79a5f4251d4af9818535daec/irmaclient/keyshare.go#L131

I missed that. This looked like a huge red flag. :)

It is a pretty scary database to manage anyway. Are you planning to store the keys on the device itself?

sietseringers commented 6 years ago

Yes, there.

It is a pretty scary database to manage anyway. Are you planning to store the keys on the device itself?

No, part of the reason why we created this keyshare server in the first place is exactly because we do not plan to do so. It is very difficult to practically store secrets across all possible mobile devices with sufficient safety, so we decided to store part of the device key (i.e. a keyshare) elsewhere instead (namely in this keyshare server). That was a difficult decision, but the sensitivity of the keyshares is migitated somewhat by the fact that the crypto is set up such that neither this keyshare server nor the IRMA app can act without the cooperation of the other. That is, even if you obtain someone's keyshare from this database it would be of no use to you unless you also obtain his phone.

sietseringers commented 6 years ago

By the way, thanks for looking at these things! 🙂

mmzeeman commented 6 years ago

Haha, I recently saw a presentation on IRMA and decided to take a look. It is really good that it is possible to see what is happening behind the scenes.