Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cryptographic API Misuse Vulnerability: Do not use zero or constant salts for PBE #347

Open
gxx777 opened this issue Nov 8, 2023 · 5 comments
Open

Cryptographic API Misuse Vulnerability: Do not use zero or constant salts for PBE #347

gxx777 opened this issue Nov 8, 2023 · 5 comments
Labels
bug

Comments

@gxx777
Copy link

gxx777 commented Nov 8, 2023

Hello!
First and foremost, I would like to express my sincere gratitude for your contributions to this project.

Description:

I have identified a security vulnerability in the electrum-nmc project's that uses insecure salts for PBKDF for key derivation by our cryptographic api misuse detector. Specifically, the use of zero and constant salts in the key derivation function compromises the strength of the derived keys. Salts in PBE schemes are crucial for adding entropy and preventing attacks such as rainbow table attacks.

Locations:

https://github.com/namecoin/electrum-nmc/blob/master/electrum_nmc/electrum/plugins/digitalbitbox/digitalbitbox.py#L135
https://github.com/namecoin/electrum-nmc/blob/master/electrum_nmc/electrum/storage.py#L149

References:

CWE-330: Use of Insufficiently Random Values
CWE-326: Inadequate Encryption Strength

Recommendations:

Modify the PBE process to generate a secure random salt for each encryption operation.
for example

import os
salt = os.urandom(16)  # 16 bytes (128 bits) is a common choice for a salt length.

Immediate attention to this issue is recommended to maintain the privacy and security of electrum-nmc users.
@JeremyRand
Copy link
Member

Thank you for the report. As best I can tell, this is not an issue with our code, but rather with upstream Electrum: the vulnerable line is exactly the same in upstream: https://github.com/spesmilo/electrum/blob/f708e7f03edb155d45416ba77b760d8a00cb6055/electrum/storage.py#L169 .

If you concur that upstream is equally affected, could you please notify upstream, and let me know when a fix is available that I can pull in?

If you believe Electrum-NMC is uniquely affected, could you please explain why?

@JeremyRand JeremyRand added the bug label Nov 8, 2023
@gxx777
Copy link
Author

gxx777 commented Nov 8, 2023

Thank you for your response. I have already reported this issue to the upstream Electrum, but they haven't responded yet. I will notify you as soon as I receive a response from them.

@JeremyRand
Copy link
Member

Great, thanks.

@SomberNight
Copy link

I have already reported this issue to the upstream Electrum, but they haven't responded yet.

Hey. Not sure where you reported it, I haven't seen it. Anyway, you are correct that the KDF is weak. It is a known issue, tracked here: spesmilo#3147 (re storage.py)

Re digitalbitbox.py, that is out of scope; it is up to the respective hw manufacturer to choose that KDF.

@gxx777
Copy link
Author

gxx777 commented Nov 8, 2023

I have already reported this issue to the upstream Electrum, but they haven't responded yet.

Hey. Not sure where you reported it, I haven't seen it. Anyway, you are correct that the KDF is weak. It is a known issue, tracked here: spesmilo#3147 (re storage.py)

Re digitalbitbox.py, that is out of scope; it is up to the respective hw manufacturer to choose that KDF.

Thanks for response.I have sent an email to ThomasV according to security policy two days ago. And also with another weak hash issue.By the way, I will see the detail about KDF issue tomorrow,it's midnight here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JeremyRand @SomberNight @gxx777