Pass DBs reveal password lengths + PEBKAC issue
Thibault Polge
thibault at thb.lt
Thu Feb 23 14:51:15 CET 2017
Hi,
I'm not sure, but I believe that `pass`, in its behavior and its
documentation, has some relatively minor security issues which should
probably be addressed. I'm sorry I really won't have time to do any
work on them, but I thought it would be better to report them anyway.
1. pass adds absolutely no padding to encrypted keys. The size of one
of its *.gpg file is thus in a direct relation with the length, in
bytes, of the cleartext password. More specifically, for a given
key size, the length in bytes of the encrypted password is (gpg file
size) - n, where n is a constant which depends only on the size of
the key. For example, with a 4096-bit key, n is 579. An empty
password is stored in a 579-byte-long file, a 10-byte password in
a 589-byte file, and so on.
This directly violates the (reasonable) assumption that access to
the ciphertext should bring no usable information about the
plaintext. In the case of passwords, I believe length counts as
usable information.
The consequence is a serious reduction of the complexity of
brute-force attacks, especially when the attacker has some knowledge
of how the user generates their passwords: I haven't done the math,
but knowing the length of a Diceware password probably seriously
reduces the # of candidates.
This issue can be mitigated by adding a padding of random length
somewhere around the passwords. A possible workaround would be to
append "\n" followed by n spaces to the password, where n is a
random number between, say, 1024 and 2048.
2. The documentation does nothing to let users know of this limitation,
and thus some users push their password repositories on public git
hosting sites, like GitHub. Yes, this is obviously PEBKAC, but I
believe that until the previous issue has been addressed (and even
after that, IMHO), users should be *explicitly* warned against
pushing their pass repositories to any public location. An example
of such a repository can be found here:
<https://github.com/RaymondSchnyder/PassDB>, and others can easily
be found with this GitHub search:
<https://github.com/search?utf8=%E2%9C%93&q=*.gpg+diff%3Dgpg&type=Code&ref=searchresults>.
Thanks to all for this great tool, and my apologies if these problems
have already been reported.
Thibault.
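The padding workaround described in the mail (a newline followed by a random number of spaces), shown as an added example that is not part of pass or of the original post. The function names, the `stored_size` model (file size = plaintext bytes + a per-key constant, using the 579-byte figure the mail reports for a 4096-bit key) and the `length_candidates` helper are assumptions made here to illustrate how much length information remains after padding.

```python
"""Length-hiding padding for password-store entries (constructed example)."""
import secrets

# Padding range suggested in the mail: "\n" followed by 1024..2048 spaces.
PAD_MIN = 1024
PAD_MAX = 2048
# Fixed per-key overhead the mail reports for a 4096-bit key.
GPG_OVERHEAD_4096 = 579


def pad_password(password: str) -> str:
    """Append a newline and a random number of spaces in [PAD_MIN, PAD_MAX].

    Only the first line of a pass entry is the password itself, so the
    padding lands on a trailing line that is never copied as the password.
    Works for multi-line entries too (extra fields stay intact).
    """
    n = PAD_MIN + secrets.randbelow(PAD_MAX - PAD_MIN + 1)
    return password + "\n" + " " * n


def unpad_password(padded: str) -> str:
    """Strip padding added by pad_password; unpadded input is returned as-is."""
    body, sep, tail = padded.rpartition("\n")
    if sep and PAD_MIN <= len(tail) <= PAD_MAX and tail == " " * len(tail):
        return body
    return padded


def stored_size(plaintext: str, overhead: int = GPG_OVERHEAD_4096) -> int:
    """Model of the observation in the mail: file size = plaintext bytes + constant."""
    return len(plaintext.encode()) + overhead


def length_candidates(file_size: int, overhead: int = GPG_OVERHEAD_4096) -> range:
    """Password lengths consistent with a file size once padding is in use.

    Without padding the plaintext length is exact; with padding the password
    length L satisfies plaintext = L + 1 + n for some n in [PAD_MIN, PAD_MAX],
    so roughly a thousand lengths remain plausible.
    """
    plaintext = file_size - overhead
    lo = max(0, plaintext - 1 - PAD_MAX)
    hi = plaintext - 1 - PAD_MIN
    return range(lo, hi + 1)


if __name__ == "__main__":
    # Unpadded: sizes line up with the 579 / 589 figures from the mail.
    print(stored_size(""), stored_size("x" * 10))
    # Padded: the same password produces a different size on every run.
    padded = pad_password("hunter2")
    print(stored_size(padded), list(length_candidates(stored_size(padded)))[:5], "...")
    assert unpad_password(padded) == "hunter2"
```

Padding must be applied before `gpg` encrypts the entry (for instance via a wrapper around `pass insert`); padding an already-encrypted `.gpg` file would change nothing about the plaintext length relationship the mail describes.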