Re: pwsafe and OpenSSL?
On Fri, May 16, 2008 at 11:46:13PM +0200, Moritz Muehlenhoff <jmm@inutil.org> was heard to say:
> Daniel Burrows wrote:
> > I notice that pwsafe is linked against openssl. Is it affected by the
> > recent debacle and if so, how? Do I need to regenerate all my
> > randomized passwords, or somehow re-encrypt the pwsafe database?
>
> I've looked briefly into it: The Blowfish encryption key is constructed
> from a SHA1 built from an initial random value, two zero bytes and the
> passphrase. So if an unmodified database created using a broken libssl
> copy is exposed to an attacker, it's more open to brute forcing attempts,
> but still safe-guarded by the passphrase.
>
> Fortunately the random part is renewed whenever the database is saved.
> By my understanding - I don't use pwsafe myself - this should happen
> whever an entry is added or modified.
According to upstream, that's not enoguh :( -- you need to create a
new database and merge into it. It looks like someone has put this
information into the wiki already.
Also, that sinking feeling in my stomach was right: the random
passwords you generate in pwsafe were predictable with the broken
openssl. So anyone who's relied on the randomization feature of pwsafe
needs to reset all their passwords.
Daniel
Reply to: