Author Topic: aes key size  (Read 9287 times)

frederic

  • Guest
aes key size
« on: December 02, 2005, 10:46:46 AM »
These are not bugs that prevent the usage of PasswordMaker, but I investigated the encryption of the master password when stored on disk to see if I could recover it (I typed it once and even forgot about it a few months after... :-).

First, the aes encryption key is not 256 bits as advertised at https://passwordmaker.org/passwordmaker.html but only 128 bits as set in variable keySizeInBits in aes.js. As a proof, the key stored on disk is only 32 characters (16 hex bytes or 128 bits).

Second, the key is only made of digits in the range 0 to 9 and not hexadecimal digits. It reduces the key space.

Although it would not improve the security of the master password if all the key space and aes-256 were used, it may be a concern if they are reused in some other part of the code that should be more secure...

Frederic

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
aes key size
« Reply #1 on: December 02, 2005, 04:37:18 PM »
Hello Frederic,

I have changed https://passwordmaker.org/passwordmaker.html (and the associated downloadable zip archive)  to read "AES-128" instead of "AES-256". Thanks for pointing it out.

Can you explain why hexadecimal should be used instead of decimal? I don't see how one is better than the other.

Thank you,
Eric
« Last Edit: December 02, 2005, 04:38:20 PM by Eric H. Jung »

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1158
  • Programmer
aes key size
« Reply #2 on: December 02, 2005, 05:27:49 PM »
Quote
Second, the key is only made of digits in the range 0 to 9 and not hexadecimal digits. It reduces the key space.

I should examine the code a little more as see what he's talking about. But the part I highlight is the point he's making I think.
"I'm not drunk, just sleep deprived."

Guest

  • Guest
aes key size
« Reply #3 on: December 05, 2005, 08:17:39 AM »
Quote
Can you explain why hexadecimal should be used instead of decimal? I don't see how one is better than the other.
If you limit the keys you use to a subset of all the possibilities, then any attacker can do the same and a brute force attack is simplified. The time it takes for a brute force attack to succeed can be smaller than expected (10/16  in this case which is still 1E21 years with a single average PC but not the maximum allowed by AES).

As I noted, it won't improve much the security of the master password on disk if you use all the hex digits since a brute force attack is not necessary to get to it. But if the same algorithm is used somewhere else to generate a key in PasswordMaker (I admit I haven't checked it) and the security is an issue, then there is room for a simple security improvement.

Frederic

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
aes key size
« Reply #4 on: December 05, 2005, 08:49:47 AM »
I am updating the code at https://passwordmaker.org/passwordmaker.html to use all 16 digits for the key.

Quote
But if the same algorithm is used somewhere else to generate a key in PasswordMaker (I admit I haven't checked it) and the security is an issue, then there is room for a simple security improvement.
Yes, it is used in all editions whenever the user chooses to save the master password to disk. I'll update the algorithm there, too.

Thanks,
Eric

PasswordMaker Forums

aes key size
« Reply #4 on: December 05, 2005, 08:49:47 AM »