Closed BenjaminHae closed 7 years ago
I think when I designed this, I tried to avoid brute-force attacks. Users might use weak login passwords. In this case, even if the attacker logs in, he doesn't know whether the retrieved password is correct.
On Sat, May 13, 2017 at 10:13 PM Benjamin Häublein notifications@github.com wrote:
May I remove confkey and reducedinfo? They both just seem to add some obscurity which doesn't really increase security. In the case of reducedinfo I even suspect that it reduces the size of the space of possible keys for the pbkdf2 algorithm so in the end we get less entropy for the key and thus make it (a little bit) easier to break.
As far as I can tell, the reducedinfo is used both for authentication and for generating the key, so in case an attacker logs in he automatically has access to everything. For accessing the data it won't make a difference if he has got the correct password or a collision.
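The two points made in the comment above and in the original question (a lossy step in front of PBKDF2 caps the key space, and a colliding password derives the same key as the real one) can be shown with a small added example, which is not code from this thread or from the project. `reduce_info` is a hypothetical case-folding step standing in for a lossy reduction, not the project's reducedinfo; the salt, iteration count and password list are constructed.

```python
import hashlib
import math
from itertools import product

SALT = b"constructed-salt"   # constructed sample value
ITERATIONS = 1000            # low on purpose so the demo runs quickly


def reduce_info(password: str) -> str:
    """Hypothetical lossy step (case folding); not the project's reducedinfo."""
    return password.lower()


def derive_key(secret: str) -> bytes:
    """PBKDF2-HMAC-SHA256 over whatever string is fed in."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, ITERATIONS)


def key_space_bits(passwords, preprocess=lambda p: p) -> float:
    """log2 of the number of distinct keys reachable from `passwords`."""
    keys = {derive_key(preprocess(p)) for p in passwords}
    return math.log2(len(keys))


def same_key(a: str, b: str) -> bool:
    """True if two passwords yield the same key after the lossy step."""
    return derive_key(reduce_info(a)) == derive_key(reduce_info(b))


# Constructed password space: every 3-character string over "abAB" (64 total).
PASSWORDS = ["".join(c) for c in product("abAB", repeat=3)]

if __name__ == "__main__":
    print("bits, password fed directly:", key_space_bits(PASSWORDS))
    print("bits, after lossy step:     ", key_space_bits(PASSWORDS, reduce_info))
    print("'abA' and 'ABa' share a key:", same_key("abA", "ABa"))
```

PBKDF2 cannot restore what the pre-processing step discarded: the derived key has at most as many possible values as the reduced input does.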
I think the confkey used the original password.
Confkey is only used in get_orig_pwd and gen_temp_pwd, which look like implementations of the Caesar cipher or something related?
It's remapping characters in passwords. So the one decrypted from AES is not immediately correct.
If you have more questions, please reopen it.