[pass] Pass leaks password lengths through file sizes

Mikhail Gusarov dottedmag at dottedmag.net
Sat May 10 14:47:00 CEST 2014

Adding a trailing line with a random number of space characters also can

Best regards,
Mikhail Gusarov.

On Sat, May 10, 2014 at 2:44 PM, Daniel Schoepe <daniel at schoepe.org> wrote:

> Hi,
> one reason for using a password manager that encrypts its password
> store is to avoid to keep the passwords safe even if the password store
> itself gets into the wrong hands (e.g. if a laptop is stolen and the
> user didn't use hard drive encryption).
> However, at the moment pass seems to leak the length of the passwords
> through the file size of the stored passwords. As far as I can tell
> the file sizes vary based on the length of the GPG key that is used,
> but are only dependent on the password length otherwise.
> For example, a one-character password encrypted with a 2048 RSA key
> results in a file size of 324 bytes, a five-character password generates
> a file that is 328 bytes long, etc.. I tested this with two different
> 2048 bit keys.
> Similarly, for 4096 bit RSA keys, password file sizes start at 580 bytes
> and increase by one byte per password character as well.
> If an attacker gets his hands on a password store, this could be
> problematic since it decreases the search space for passwords
> considerably; especially if they have some offline method of
> bruteforcing passwords (e.g. if they obtained the hash of a user's
> password from some database).
> I think this is an issue and should be fixed, even though all the fixes
> I can see would detract from the simplicity of the current implementation.
> One way to remedy this is the following: When adding a new password one
> could generate a random number of bytes and append that, along with
> information on how many junk bytes were added, to the entry and discard
> them when reading the password. This has the disadvantage of the files
> no longer being easily readable/usable without pass.
> I'd like to know if others also think that this is a security issue and
> if there are better ways of fixing it.
> Cheers,
> Daniel
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140510/c85865a2/attachment.html>

More information about the Password-Store mailing list