Skip to content

Argon2 + encryption changes #395

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 28 commits into from
Jan 28, 2020
Merged

Argon2 + encryption changes #395

merged 28 commits into from
Jan 28, 2020

Conversation

mymindstorm
Copy link
Member

@mymindstorm mymindstorm commented Oct 20, 2019
edited
Loading

Fixes #370, #366, and #387

Changes:

  • key contains random key to encrypt entries with. key is encrypted with password.
  • key is hashed with argon2 and is checked on password entry.
  • entry.hash is now a random UUID. Entries hashes are changes when migrating to key format and when changing password.
  • No cookie again. Cookies can be saved to disk even if we only use a session cookie (MDN, decrypt password not requested after browser shutdown #387). We can't control whether the cookie will be saved to disk or not. The data we put in the cookie should never be saved to disk, and if we can't control that with cookies we shouldn't use them.
  • Instead of re-checking the hash of every entry every time an entry is deleted or added, it will only check hash on decrypt.
  • When updating / deleting entries it will make changes in application state instead of making the changes in storage and reloading everything.

@mymindstorm
add argon2-browser dependency
b54b26b
@mymindstorm
wrapper argon2-browser
49e78c6
@mymindstorm
argon2 for new accounts and imports
cb77e07
@mymindstorm
forgot an await
d6ea8c5
@mymindstorm
migrate
193eac1
@mymindstorm
fix performance issue
ba2adb6
@mymindstorm
update argon2 and types
b00a276
@mymindstorm
- remove the need for encryption where it wasn't needed
db657f7 
- Optimize adding & deleting (using state instead of reloading and checking the hash again)

- Use 16 KiB memory + Argon2di
@mymindstorm
don't animate password prompt
ff84135
@mymindstorm
hash mem 16 KiB => 8 KiB
78e1d30 
11 entries takes about 500ms with 16KiB, 8 KiB takes about 300ms
@mymindstorm
fix password change not working
b03fcad 
empty backup with no password fix
@mymindstorm
no cookie again. developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Se…
70e6ecd 
…ssion_cookies
@mymindstorm
migrate to key based system
cdc397e
@mymindstorm
add hash
31cc098
@mymindstorm
fix bug
6d0b41e
@mymindstorm
entry hash -> uuid
7931b86
@mymindstorm
password hash check + warning
67d3b9c
@mymindstorm
add key to backup
6198965
@mymindstorm
update argon2-browser
b7fa05f 
up the hasing memory to 16
@mymindstorm
remove argon.hash
cda3114
@mymindstorm
Sandbox argon2 in Chrome
ce43fb7 
Chrome does not allow webassembly without adding 'unsafe-eval' to CSP.
@mymindstorm
- show pass if key in storage
b8a8f88 
- change password
@mymindstorm
import
287627b
@mymindstorm mymindstorm requested a review from Sneezry October 20, 2019 22:18
@mymindstorm mymindstorm mentioned this pull request Oct 30, 2019
Merged
This was referenced Nov 14, 2019
Closed
Closed
@mymindstorm mymindstorm mentioned this pull request Dec 10, 2019
Closed
@mymindstorm
fix #412 (#413)
bd6ed29 
* fix #412

* review fixes
@mymindstorm
Copy link
Member Author

@Sneezry this has been sitting for a while, do you plan to review this?

@Sneezry
Copy link
Member

Sneezry commented Jan 16, 2020
edited
Loading

It's a little long story, and I think we may go back one step.

Why we use secret hash?

When I first design data structure of secret, I use secret hash as key of the dictionary. Because Chrome supports to update part of data by specific key if the data is a dictionary map. So I think if we should always update the entire data (#412), secrest hash is not required. And if so, Argon2 may be not required either?

Event page vs background page

Browser extension should be as lite as possible, and take seriously with background page. I still concern if it is worth to use a background page on user side. I understand we should always pay attention to security, however, there should be a balance.

What I suggest

Use an array to store secrets instead of dictionary maybe a good direction. To security, if we have to use background page, maybe we can dispose all events when user close the popup page.

@mymindstorm
Copy link
Member Author

Secret hashing

argon2 is only used to check the hash of key to make sure the correct password was entered. The purpose of using argon2 is to improve the security of our hashes as argon2 hashes are significantly harder to brute force.

Entries aren't hashed anymore and just get random identifiers (uuidv4) for their keys. It is unnecessary (and very slow with argon2) to hash individual entries as long as the key hash is validated properly.

Cost of using persistent background page

I profiled the background page's memory cost in Firefox. It uses somewhere between 1-2 MB. In a blank profile extensions normally use ~25 MB. In my normal profile extensions (not even counting normal web content) use between 120-250 MB. The memory cost low compared to other extensions already and is negligible compared to the security benefit this provides.

image

Suggestions

Use an array to store secrets instead of dictionary maybe a good direction.

Sounds like a good idea, this would let us move user config out of localstorage. Other than that, I don't really see that many reasons to move away from the current system. The secret hash problem should be solved by using uuids already.

To security, if we have to use background page, maybe we can dispose all events when user close the popup page.

If 1 MB of background page is too much, the alternative is to forget the user's password every time the popup page is closed. 1-2 MB really isn't that much for a web browser (mine is using over 0.5 GB right now!), and as long as we don't have the background page do too much it should be fine.

@Sneezry
Copy link
Member

Sneezry commented Jan 17, 2020

used to check the hash of key to make sure the correct password was entered.

This is the P1 feature we should have.

If 1 MB of background page is too much...

I checked that in Chrome Task manager, and it costs ~25MB, maybe Firefox can handle background better. If we can dispose the listener when popup is closed, it could be good.

OK, then I think this PR is worth to merge, let's release it.

@mymindstorm
Copy link
Member Author

dispose the listener when popup is closed

I don't fully understand what you mean here. Am I understanding it correctly to mean set persistent: false or do you mean use removeEventListener?

It looks like chrome dedicates an entire process for each extension. It brings in ~20 MB of runtime stuff.

@Sneezry
Copy link
Member

Sneezry commented Jan 18, 2020

removeEventListener is what I mean😄

However, I have no idea how much benefit could we get from that if most memory is brought by runtime.

mymindstorm and others added 4 commits January 25, 2020 13:52
@mymindstorm
Fix #414 (#419)
71cef1e 
* remove validity checks in getDecryptedSecret

* add length check to manual add account page

* Revert "remove validity checks in getDecryptedSecret"

This reverts commit a396de3.
@mymindstorm
Merge branch 'dev' into argon2
3c0ac6a
@mymindstorm
Update webpack.config.js
352d320
@mymindstorm
fix type error
2fb3ddd
@mymindstorm mymindstorm merged commit 2ed002e into dev Jan 28, 2020
@mymindstorm mymindstorm deleted the argon2 branch January 28, 2020 01:04
@mymindstorm mymindstorm mentioned this pull request Jan 30, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sneezry Sneezry Sneezry approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mymindstorm @Sneezry