twofas / 2fas-android

Source code for 2FAS Android app
GNU General Public License v3.0

Encryption of secret keys using a master pass #128

Open H-Ir opened 8 months ago

H-Ir commented 8 months ago

Feature description

Please add another option for users who want more security. Instead of using a PIN code, they can set a master password for the app to encrypt all secret keys using that master key.

Motivation

I asked you a question, but your answer does not convince me. When an attacker gains physical access to the device, the only thing needed is a root exploit. After that, the attacker can read all sandboxed private files of the app. Even if the app has turned on the encryption mechanism of the Android OS, after removing the lock screen (which is simple using some tools) and gaining root access, the attacker can read the hardware TEE keys that the OS uses for encryption. The only way to ensure maximum security is encryption with AES-like algorithms by a master password.

When an attacker has root privileges, they have everything! Currently, the legal and possible way of gaining root access is to unlock the bootloader, which causes a factory reset. However, using an exploit to gain temporary root access without unlocking the bootloader is the way to access that data.

Acknowledgements

Tipoff4317 commented 8 months ago

Probably the same as https://github.com/twofas/2fas-android/issues/47, where the developer says they already have a plan but there is no date.

H-Ir commented 8 months ago

Consider that from a marketing perspective this is a unique feature for your app. Also consider that the main goal of your app is security, because it provides security. So you should secure it as much as possible.

Currently you have a similar mechanism for Google Drive backup; you can use it.

H-Ir commented 8 months ago

> Probably the same as #47, where the developer says they already have a plan but there is no date.

The issue #47 only requests a password instead of a PIN, but I request encryption by password.

bdurrer commented 7 months ago

Without wanting to sidetrack this, I would like to mention that this is best combined with options to "unlock once per session" or "unlock at least once after boot", like iOS has for its own keystore. Most people do not want to type a password 10 times per day, but still like it when a stolen device is secure.

This kinda suggests that there is or should be an internal master key to actually decrypt and 1-N ways to unlock this master key, e.g. a password, biometrics, or the much less secure PIN.
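The design sketched in the two comments above (H-Ir's request for password-based encryption of the secrets, and bdurrer's single internal master key with several unlock factors) as an added example; this is illustrative code, not the 2FAS app's own implementation. It assumes a random 32-byte master key that encrypts the OTP secrets, wraps that key independently under each factor with AES-256-GCM, and derives each key-encryption key from the factor with a stdlib-only PBKDF2-HMAC-SHA256 (a memory-hard KDF such as scrypt or Argon2 would be the better choice in a real app; the `WrapMasterKey`/`UnwrapMasterKey` names are invented here).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Wrap is one encrypted copy of the master key, unlockable by one factor
// (password, PIN, ...). Several Wraps can exist for the same master key.
type Wrap struct {
	Salt, Nonce, Blob []byte
	Iters             int
}

// pbkdf2 derives a 32-byte key-encryption key from an unlock factor
// (PBKDF2-HMAC-SHA256, first output block only, which is all we need).
func pbkdf2(factor, salt []byte, iters int) []byte {
	prf := hmac.New(sha256.New, factor)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index INT(1)
	u := prf.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j] // T1 = U1 xor U2 xor ... xor Un
		}
	}
	return out
}

func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // key is always 32 bytes here
	g, _ := cipher.NewGCM(block)
	return g
}

// WrapMasterKey encrypts the master key under one factor. A low-entropy
// factor (a 4-digit PIN) can be brute-forced offline from its Wrap, which
// is why the PIN path is the weak one and needs extra protection.
func WrapMasterKey(master, factor []byte, iters int) Wrap {
	salt, nonce := make([]byte, 16), make([]byte, 12)
	rand.Read(salt)
	rand.Read(nonce)
	kek := pbkdf2(factor, salt, iters)
	// The salt is bound as associated data so it cannot be swapped.
	return Wrap{salt, nonce, gcm(kek).Seal(nil, nonce, master, salt), iters}
}

// UnwrapMasterKey recovers the master key; a wrong factor fails the GCM tag.
func UnwrapMasterKey(w Wrap, factor []byte) ([]byte, error) {
	kek := pbkdf2(factor, w.Salt, w.Iters)
	return gcm(kek).Open(nil, w.Nonce, w.Blob, w.Salt)
}
```

Unwrapping once per session and caching the master key in memory is what gives the "unlock once per session" behaviour without keeping any factor on disk.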