What other than 'password' do you have as a lock - key function in the World Wild Web? How KeePass is useful for you and me?
Key Protection against Dictionary Attacks
FACT
You
can't really prevent dictionary and guessing attacks: nothing prevents
an attacker to just try all possible keys and look if the database
decrypts. But what we can do (and KeePass does) is to make it harder:
by adding a constant time factor to the key initialization, with KeePass we can make them as hard as we want.
To generate the final 256-bit key that
is used for the block cipher, KeePass first hashes the user's password
using SHA-256, encrypts the result N times using the Advanced
Encryption Standard (AES) algorithm (called key transformation rounds
from on now), and then hashes it again using SHA-256. For AES, a random
256-bit key is used, which is stored in the database file. As the AES
transformations aren't pre-computable (key is random), an attacker has
to perform all the encryptions, too, otherwise he cannot try and see if
the current key is correct.
An attacker now needs much more time
to try a key. If he can only try a few hundred keys per second, a
dictionary attack is not practical any more.
By default, KeePass
sets N to 6000 encryption rounds (full encryptions are meant; N has
nothing to do with the internal encryption rounds of AES). This has
been done in order to provide compatibility with the PocketPC version
(PocketPC processors are slower, therefore the key computation takes
longer).
What KeePass does?
KeePass supports protection against guessing and dictionary attacks.
Protect your Password.
If you are using KeePass on PC only, it is highly
recommended to increase the number of key transformation rounds. You
can change the number in the database options dialog. Right of the
field for the rounds, you'll find a button. When clicking this button,
KeePass computes the rounds number that leads to a 1-second delay.
Waiting 1 second at database opening isn't a problem, but for an
attacker of course it is. But, the number can be freely set to a number
of your choice. The button only should give you a rough idea how many
rounds can be computed in 1 second on your computer.
This
protection feature is only useful when using master passwords; key
files are random anyway, there's no need to transform the key file
contents (guessing the key file contents is equally hard to a
brute-force attack on the final key).
KeePass uses
multi-threading to compute these rounds (the master key is split up to
two parts of 128 bits, which is the AES block size). On dual/multi core
processors, the computation can be twice as fast as on a single core
processor. Note the 1-second button in the database settings dialog
always shows the single core rounds number (the dual/multi core
optimization only affects the "real" transformation code, not the
benchmark).
On Fast Track
Detailed information about the security of KeePass.
* Database Encryption
* Hashing and Key Derivation
* Random Number Generation
* Protection against Dictionary Attacks
* Process Memory Protection
* Locking the Workspace
* Plugins
* Self-Tests
* References
Key Database Encryption
KeePass database files are encrypted. KeePass encrypts the whole database, i.e. not only your passwords. Your user names, notes, even the entry times and UUIDs, etc. are encrypted, too.
The databases are encrypted using one of the following block ciphers:
Cipher Block Size Key Size
Advanced Encryption Standard (AES / Rijndael) 128 bits 256 bits
Twofish 128 bits 256 bits
These algorithms are well-known, analyzed thoroughly and generally considered to be very secure by the cryptographic community.
KeePass 2.x Only
KeePass 2.x doesn't support Twofish, but additional encryption algorithms are available through plugins.
The block ciphers are used in the CBC (cipher-block chaining) block cipher mode. In CBC mode, plaintext patterns are concealed.
For both algorithms, a 128-bit initialization vector (IV) is generated randomly each time you save the database. This allows multiple databases to be saved using the same key without observable patterns being revealed.
Key Hashing and Key Derivation
In order to generate the 256-bit key for the block ciphers, the Secure Hash Algorithm SHA-256 is used. This algorithm compresses the user key provided by the user (consisting of password and/or key file) to a fixed-size key of 256 bits. This transformation is one-way, i.e. it is computationally infeasible to invert the hash or find a second message that compresses to the same hash.
Please note that the recently discovered attack against SHA-1 doesn't affect the security of SHA-256. SHA-256 is still considered as being secure.
Key Derivation:
If only a password is used (i.e. no key file), the password plus a 128-bit random salt are hashed using SHA-256 to form the final key (but note there is some preprocessing: Protection against Dictionary Attacks). This random salt prevents attacks that are based on pre-computed hashes.
When using both password and key file, the final key is derived as follows: SHA-256(SHA-256(password), key file contents), i.e. the hash of the master password is concatenated with the key file bytes and the resulting byte string is hashed with SHA-256 again. If the key file doesn't contain exactly 32 bytes (256 bits), they are hashed with SHA-256, too, to form a 256-bit key. The formula above then changes to: SHA-256(SHA-256(password), SHA-256(key file contents)).
Binary Random Number Generation
We need to generate several random bytes (for the IV, the master key salt, etc.). For this, several pseudo-random sources are used: current tick count, performance counter, system date/time, mouse cursor position, memory status (free virtual memory, etc.), active window, clipboard owner, various process and thread IDs, various window focus handles (active window, desktop, ...), window message stack, process heap status, process startup information and several system information structures. Additionally, KeePass uses random bytes provided by the system's default CSP RNG.
This pseudo-random data is collected in a random pool. To generate 16 random bytes, the pool is hashed (SHA-256) with a counter to form the final 16 random bytes. The counter is increased after 16 generated bytes. This way, we can efficiently produce as many secure random bytes as we need.
KeePass supports protection against guessing and dictionary attacks.
Source:
Security - KeePass
with
Dr. Ashok Koparday
Monday, January 12, 2009
how-to-password-protect-best-security-10
Posted by Unknown at 11:27 PM
Labels: Advanced Encryption Standard, AES, Block cipher modes of operation, Cryptography, Encryption, KeePass, Security, SHA hash functions
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment