trussed-dev / trussed-auth

Authentication extension and backend for Trussed

Increase hash rounds for PIN-based KDF #34

Closed szszszsz closed 1 year ago

szszszsz commented 1 year ago

Currently only one HMAC round is run during the KDF for the PIN-based encryption key. It should be increased as much as possible, to extend the time needed for brute-force hashing attacks aiming for key recovery.

https://github.com/trussed-dev/trussed-auth/blob/main/src/backend/data.rs#L471-L479

sosthene-nitrokey commented 1 year ago

This should not be the device's job.

Increasing the number of hash rounds is a compromise between slower verification and slower brute force attacks. Since the SoCs we use are much, much slower than any hardware an attacker would use, unlocking the PIN would have to take minutes to barely slow down an attacker.

Ideally the host would deal with this, through some mechanism like KDF-DO, since the host generally has much more computing power than the device. The host also has significantly more RAM, which means it can use memory-hard and cache-hard functions like Argon2 rather than just running hash rounds.
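
Added example (not part of the thread and not trussed-auth code): a sketch of the trade-off described above, comparing the per-guess cost of a raw PIN against a host-stretched PIN while the device step stays at one HMAC round. Assumptions: the device step is modeled as a single HMAC-SHA256 keyed with a salt, scrypt stands in for Argon2 because it is in the Python standard library, and both salts are constructed sample values.

```python
import hashlib
import hmac
import time

# Constructed sample values (not from the project).
DEVICE_SALT = bytes(range(16))
HOST_SALT = bytes(range(16, 32))

def device_kdf(pin_input: bytes, device_salt: bytes = DEVICE_SALT) -> bytes:
    """Assumed model of the on-device step: one HMAC-SHA256 round."""
    return hmac.new(device_salt, pin_input, hashlib.sha256).digest()

def host_stretch(pin: bytes, host_salt: bytes = HOST_SALT) -> bytes:
    """Host-side stretching. scrypt is a stdlib stand-in for Argon2;
    n=2**14, r=8 costs about 16 MiB of RAM per guess."""
    return hashlib.scrypt(pin, salt=host_salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def key_raw(pin: bytes) -> bytes:
    """PIN sent as typed: a guess costs one HMAC."""
    return device_kdf(pin)

def key_stretched(pin: bytes) -> bytes:
    """Host stretches first; the device still runs only one HMAC."""
    return device_kdf(host_stretch(pin))

def seconds_per_guess(derive, reps: int) -> float:
    """Average wall-clock cost of one derivation on this machine."""
    start = time.perf_counter()
    for i in range(reps):
        derive(b"%06d" % i)
    return (time.perf_counter() - start) / reps

def exhaustive_search_seconds(per_guess: float, digits: int = 6) -> float:
    """Single-core time to try every numeric PIN of the given length."""
    return per_guess * 10 ** digits

if __name__ == "__main__":
    raw = seconds_per_guess(key_raw, 20000)
    stretched = seconds_per_guess(key_stretched, 5)
    for name, cost in (("raw PIN", raw), ("host-stretched", stretched)):
        print(f"{name}: {cost * 1e6:.1f} us/guess, "
              f"{exhaustive_search_seconds(cost):.0f} s for all 6-digit PINs")
```

The figures printed are for the machine running the script; the point is the ratio between the two paths, which the device pays nothing for.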

szszszsz commented 1 year ago

I agree it should not be, but it is. Should we disable opcard's non-KDFDO use then? Edit: what about PIV?

sosthene-nitrokey commented 1 year ago

PIV doesn't have that kind of functionality

szszszsz commented 1 year ago

Yup, I know. Just showing that not all apps have it available.

sosthene-nitrokey commented 1 year ago

It still doesn't make it useful to do it on the device.

szszszsz commented 1 year ago

Can you support your claim?

szszszsz commented 1 year ago

After discussion, this is not a goal of this backend, as it is rather intended to focus on cooperating with the security element instead. Closing as won't fix.