-
Notifications
You must be signed in to change notification settings - Fork 13
Authentication
The user master password never touches the disk, it's kept encrypted in-memory inside a protected buffer, see memory security for more details. Also, passwords are never echoed when required and they are compared in constant-time.
The user can opt to use a key file or not, in case it's used, it will be appended to the master password before the argon2id key derivation function.
The first time a user accesses the database, a 256-bit random key is encrypted and stored in the database. Every login after the registration, kure will take the user credentials and try to decrypt the key, if the decryption is successful, the user gets access.
This key is known as the authentication key and is used to encrypt names and validate login attempts, but not to encrypt records.
Remember: the stronger your master password, the harder it will be for the attacker to get access to your information.
kure uses the Argon2 with the id version as the key derivation function, which utilizes a 32-byte salt along with the master password and three parameters: memory, iterations and threads to generate a 256-bit key. These parameters can modified by the user on registration/restoration.
When encrypting a record, the salt used by Argon2 is randomly generated and appended to the ciphertext, everytime the record is decrypted, the salt is extracted from the end of the ciphertext and used to derive the key.
Every record is encrypted using a unique password, protecting the user against precomputation attacks, such as rainbow tables.
Regarding the values used for the parameters, the Argon2 Specs, specificy in section 9 Recommended Parameters a series of steps to determine which values are suitable for practical use.
If one of the devices that will handle the database has 1GB of memory or less, we recommend setting the memory value according to that device's RAM availability.
Different Argon2 parameters can be tested on your computer by using the
kure config argon2 test
command.
The Argon2id variant with 1 iteration and maximum available memory is recommended as a default setting for all environments. This setting is secure against side-channel attacks and maximizes adversarial costs on dedicated bruteforce hardware.
This parameter represents the amount of memory the algorithm is allowed to use, the more memory the better.
If one of the devices that will access the information has lower than 1GB of memory, we recommend setting the memory according to that device RAM availability. Otherwise, default values should be fine.
The value is represented in kibibytes, 1 kibibyte = 1024 bytes.
Default is 1048576 kibibytes (1 GiB).
Number of passes over the memory. The running time depends linearly on this parameter. Default is 1.
Number of threads running in parallel.
Default is the maximum number of logical CPUs usable.
Key files are a two-factor authentication method for the database, where the user is required not only to provide the correct password but also the path to the key file, which contains a key that is combined with the password to encrypt the records.
Using a key file is optional as well as specifying the path to it in the configuration file (if it isn't specified, it will be requested every time you try to access the database).
The key file should be as safe as possible and with a limited access. Preferably stored in an external device.
- kure config argon2 - display the values of the parameters that are being used for the key derivation.
- kure config argon2 test - test argon2 performance on your machine.
- kure restore - re-encrypt all the records with new credentials.
kure - Cross-platform command-line password manager with sessions.