search

namecoin / electrum-nmc

Namecoin port of Electrum Bitcoin client.
https://www.namecoin.org/
MIT License
29 stars 24 forks source link

Cryptographic API Misuse Vulnerability: Do not use zero or constant salts for PBE #347

Open gxx777 opened 8 months ago

gxx777 commented 8 months ago

Hello! First and foremost, I would like to express my sincere gratitude for your contributions to this project.

Description:

I have identified a security vulnerability in the electrum-nmc project's that uses insecure salts for PBKDF for key derivation by our cryptographic api misuse detector. Specifically, the use of zero and constant salts in the key derivation function compromises the strength of the derived keys. Salts in PBE schemes are crucial for adding entropy and preventing attacks such as rainbow table attacks.

Locations:

https://github.com/namecoin/electrum-nmc/blob/master/electrum_nmc/electrum/plugins/digitalbitbox/digitalbitbox.py#L135 https://github.com/namecoin/electrum-nmc/blob/master/electrum_nmc/electrum/storage.py#L149

References:

CWE-330: Use of Insufficiently Random Values CWE-326: Inadequate Encryption Strength

Recommendations:

Modify the PBE process to generate a secure random salt for each encryption operation. for example

import os
salt = os.urandom(16)  # 16 bytes (128 bits) is a common choice for a salt length.

Immediate attention to this issue is recommended to maintain the privacy and security of electrum-nmc users.

JeremyRand commented 8 months ago

Thank you for the report. As best I can tell, this is not an issue with our code, but rather with upstream Electrum: the vulnerable line is exactly the same in upstream: https://github.com/spesmilo/electrum/blob/f708e7f03edb155d45416ba77b760d8a00cb6055/electrum/storage.py#L169 .

If you concur that upstream is equally affected, could you please notify upstream, and let me know when a fix is available that I can pull in?

If you believe Electrum-NMC is uniquely affected, could you please explain why?

gxx777 commented 8 months ago

Thank you for your response. I have already reported this issue to the upstream Electrum, but they haven't responded yet. I will notify you as soon as I receive a response from them.

JeremyRand commented 8 months ago

Great, thanks.

SomberNight commented 8 months ago

I have already reported this issue to the upstream Electrum, but they haven't responded yet.

Hey. Not sure where you reported it, I haven't seen it. Anyway, you are correct that the KDF is weak. It is a known issue, tracked here: https://github.com/spesmilo/electrum/issues/3147 (re storage.py)

Re digitalbitbox.py, that is out of scope; it is up to the respective hw manufacturer to choose that KDF.

gxx777 commented 8 months ago

I have already reported this issue to the upstream Electrum, but they haven't responded yet.

Hey. Not sure where you reported it, I haven't seen it. Anyway, you are correct that the KDF is weak. It is a known issue, tracked here: spesmilo#3147 (re storage.py)

Re digitalbitbox.py, that is out of scope; it is up to the respective hw manufacturer to choose that KDF.

Thanks for response.I have sent an email to ThomasV according to security policy two days ago. And also with another weak hash issue.By the way, I will see the detail about KDF issue tomorrow,it's midnight here.