-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decrease number of kdf iterations in pfs database #1343
Conversation
Pull Request Checklist
|
e2f9460
to
7ac63cd
Compare
On the other hand, we also have realm db on the client side, and this one is encrypted via So the question is what should be done herea. let's decrease the number of iterations to 3200, that's fine for now (still doesn't make too much sense IMO because of account's keystore, the attacker isn't going to brute-force this db now anyway) |
@rasom @cammellos are the messages from PFS-protected chats also stored in the realm DB? |
@mandrigin yep i think so, not 100% sure though |
If the messages plaintexts are stored in Realm anyway, is there a point to protect the SQLite DB better? |
They are, unless the user removes them. Personally I don't find the argument "other part of the app have lower security" convincing, as argument to reduce current security of the app. if anything we should improve security in the rest of the app, not lowering it. Performance of slower devices is a fair trade-off so lowering the value it's a choice, removing it completely does not make much sense. To go into the specifics, there are quite a few cases where having a stronger encryption on this db might just be what prevents a successful attack, even if the rest is compromised. Mind that this keys are used for data transferred on the wire, locally you always have the option to delete the deciphered text (messages), while ciphertext transferred on the wire anyone can intercept and keep indefinitely. Say you deleted compromising messages on your phone, and someone has physical access to your phone. If they can break in to realm database, they won't be able to retrieve the compromising messages. But if they have been collecting previous messages (trivial) and they bruteforce the sqlcipher db then they have access to the compromising texts. Anyone using status-go as well without using status-react would also be affected. It's not clear to me what the argument to remove is, are we still not happy with the performance on slower devices? |
Basically the assumption that anything confidential is stored in realm, is just not true currently (messages can be deleted), and likely won't hold in the future (confidential info might be sent but not stored). |
@corpetty probably you might want to join the conversation |
arguments to remove:
easy to solve in API, we can explicitly tell users when the key will be derived or when a raw key will be used. No problem to use |
Fair enough, my understanding was that only slow devices were affected.
That sounds reasonable, but then let's just do that and we can remove it, I'd say |
galaxy S9 samsung a500h |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this doesn't directly affect the user's password or key derivation outside of this DB, and this is only hardening the DB from other content unlocked by user's password. I am ok with this. Furthermore, the password being iterated is not the user's password, but it's hash.
I am not ok with the removal of the iterations.
7ac63cd
to
293a30e
Compare
`kdf_iter` parameter is reduced to 3200. This change is done because of performance reasons, currently key derivation is too slow on some mobile devices. The number of iterations before this commit is 64000, default value in `sqlcipher` from version `3.0.0`. https://github.com/sqlcipher/sqlcipher/blob/fda4c68bb474da7e955be07a2b807bda1bb19bd2/CHANGELOG.md#300---2013-11-05 Implementation: `sqlcipher_export` is used for migration, check out the link below for details https://www.zetetic.net/sqlcipher/sqlcipher-api/#sqlcipher_export
293a30e
to
a2d3b5d
Compare
PFS database key is derived via
pbkdf
which runs 64000 iterations ofsha1
. This makesLogin
call quite slow on android devices (probably on iOS too, but it didn't work on iOS).This PR changes the number of iterations to 3200, and, well, makes it faster. The problem is that from security pov key becomes kind of weaker( currently, that's probably not the case as the same key is used for keystore file and it can be encrypted way faster, so no point in brut-forcing pfs database key at all).
Migration is done using
sqlcipher_export
command.