Categories
Cryptography

Improving storage of password-encrypted secrets in end-to-end encrypted apps

Many apps with client-side encryption that use passwords derive both encryption and server authentication keys from them.

One such example is Bitwarden, a cross-platform password manager. It uses PBKDF2-HMAC-SHA-256 with 100,000 rounds to derive an encryption key from a user’s master password, and an additional 1-round PBKDF2 to derive a server authentication key from that key. Bitwarden additionally hashes the authentication key on the server with 100,000-iteration PBKDF2 “for a total of 200,001 iterations by default”. In this post I’ll show you that these additional iterations for the server-side hashing are useless if the database is leaked, and the actual strength of the hashing is only as good as the client-side PBKDF2 iterations plus an AES decryption and one HMAC. I will also show you how to fix this.

Categories
Announcements

My book on password authentication is out

I’m super excited to announce that my book, Password authentication for web and mobile apps, is out! I have a lot more to say in future blog posts about why I decided to write it and what the writing and publishing process was like. Meanwhile, if you’re a developer who wants to understand password authentication and implement it for your web site or your app, please check it out: https://dchest.com/authbook/

Categories
Tools

Synchronizing Android and macOS with Nextcloud

Google and Microsoft are further along on the technology, but haven’t quite figured it out yet – tie all of our products together, so we further lock customers into our ecosystem.

Steve Jobs

We may suspend or stop providing our services to you if you do not comply with our terms or policies or if we are investigating suspected misconduct.

Google

I recently set up my own Nextcloud server to synchronize contacts, calendars and files between my laptop and Android smartphone without intermediaries, as an experiment. Here are the client tools I used.

Categories
Security

Securing Go web applications

There are lots of security-related things to keep in mind when writing a web application, as the Web is a place full of danger: cross-site scripting (XSS), cross-site request forgery (CSRF), clickjacking, brute forcing, spam and so on.

Go gets many things right by default: for example, templates from the standard library make it hard to accidentally introduce XSS vulnerabilities. But what about other attacks? Fortunately, there are a few open source Go packages that can help us.