Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security issue in encryption key derivation? #638

Open
ianlevesque opened this issue Nov 13, 2022 · 1 comment
Open

Security issue in encryption key derivation? #638

ianlevesque opened this issue Nov 13, 2022 · 1 comment

Comments

@ianlevesque
Copy link

I was trying to understand the encryption code in duplicacy and its handling of the many keys stored in the config file when I discovered something unexpected here:

hasher := chunk.config.NewKeyedHasher([]byte(derivationKey))
hasher.Write(encryptionKey)
key = hasher.Sum(nil)

For some reason this code is using the 'derivation key', which for things like snapshots is just a plaintext file path, as the secret key for Blake2b, and then digesting the encryptionKey to get the combined key. I would have expected the opposite, using the encryptionKey as the secret key for Blake2b, and then digesting the path. Indeed the wiki page on encryption here https://github.com/gilbertchen/duplicacy/wiki/Encryption states:

"The snapshot is encrypted by AES-GCM too, using an encrypt key that is the HMAC-SHA256 of the file path with the File Key as the secret key."

Which is precisely the opposite of what the code actually does. Worse, it looks like this may have led to issues in the past, specifically this commit d330f61 - which would never have been an issue if the construction wasn't backwards.

I am not sure how exploitable this is, I hope it isn't, but it's a pretty big code smell in the middle of the encryption code.

@gilbertchen
Copy link
Owner

This issue has been mentioned on Duplicacy Forum. There might be relevant details there:

https://forum.duplicacy.com/t/encryption-key-derivation/7406/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants