Re: pwsafe and OpenSSL?
On Fri, May 16, 2008 at 11:46:13PM +0200, Moritz Muehlenhoff <email@example.com> was heard to say:
> Daniel Burrows wrote:
> > I notice that pwsafe is linked against openssl. Is it affected by the
> > recent debacle and if so, how? Do I need to regenerate all my
> > randomized passwords, or somehow re-encrypt the pwsafe database?
> I've looked briefly into it: The Blowfish encryption key is constructed
> from a SHA1 built from an initial random value, two zero bytes and the
> passphrase. So if an unmodified database created using a broken libssl
> copy is exposed to an attacker, it's more open to brute forcing attempts,
> but still safe-guarded by the passphrase.
> Fortunately the random part is renewed whenever the database is saved.
> By my understanding - I don't use pwsafe myself - this should happen
> whever an entry is added or modified.
According to upstream, that's not enoguh :( -- you need to create a
new database and merge into it. It looks like someone has put this
information into the wiki already.
Also, that sinking feeling in my stomach was right: the random
passwords you generate in pwsafe were predictable with the broken
openssl. So anyone who's relied on the randomization feature of pwsafe
needs to reset all their passwords.