Can you trust lastpass

Understand (before you start writing code) the basic security properties that you want to deliver through use of cryptography. This is usually where most implementers fall over (including the big commercial products). To give a couple of specific (but non-exhaustive) examples, generally framed in terms of password managers:

A password manager should protect the identity of the sites the user has saved, the content of the username and password field, and any associated notes. (That's fairly straightforward; most people are likely to agree on this.)

The password should be encrypted such that if a password is re-used across websites, it is not discernible from the ciphertext that this is the case. (Fewer people will think about this, but some will. Using AES in ECB mode isn't enough to prevent this! LastPass appear to have done this in the early days.)

The key used to encrypt each ciphertext should probably be unique, to reduce any potential impacts of weaknesses in ciphers or cipher modes. Each cipher should use a unique per-instance instantiation as well (i.e. IV, GCM tag, etc.).

How do you store and derive these passwords though? That will take you into key derivation functions, and password-based ones like scrypt/bcrypt/argon2. These can derive a crypto key from a user password. You can then use that key as input to a KDF (with a per-entry salt) to derive the actual AES key used for each entry.

But what about integrity? Should you use an authenticated cipher mode like GCM? What will you do if the authentication tag fails verification?
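The layered design sketched above (a password-based KDF for the vault key, a per-entry salted KDF for each AES key, a fresh nonce per ciphertext, and an explicit answer to a failed GCM tag), as an added Ruby example using only the standard openssl library. This is not LastPass's code or storage format; the cost parameters, the HKDF info label and all sample values are constructed assumptions.

```ruby
require 'openssl'
require 'securerandom'

# Added example of the layered design: master password -> vault key (scrypt),
# vault key + per-entry salt -> per-entry AES key (HKDF), AES-256-GCM with a
# fresh nonce per ciphertext. Constructed values; not any product's real format.
module VaultCrypto
  SCRYPT_COST = { N: 2**14, r: 8, p: 1 }.freeze   # assumed cost parameters

  # Password-based KDF: the user's master password becomes the vault key.
  def self.master_key(password, vault_salt)
    OpenSSL::KDF.scrypt(password, salt: vault_salt, length: 32, **SCRYPT_COST)
  end

  # Second stage: a different AES key for every entry, from the vault key and
  # that entry's own random salt.
  def self.entry_key(vault_key, entry_salt)
    OpenSSL::KDF.hkdf(vault_key, salt: entry_salt, info: 'vault-entry-v1',
                      length: 32, hash: 'SHA256')
  end

  # Encrypt one entry. Fresh salt and nonce each call, so the same password
  # saved for two sites yields unrelated ciphertexts; the site name is bound
  # as associated data so an entry cannot be silently moved to another site.
  def self.seal(vault_key, site, secret)
    salt  = SecureRandom.random_bytes(16)
    nonce = SecureRandom.random_bytes(12)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = entry_key(vault_key, salt)
    c.iv  = nonce
    c.auth_data = site
    ct = c.update(secret) + c.final
    { site: site, salt: salt, nonce: nonce, ct: ct, tag: c.auth_tag }
  end

  # Decrypt one entry. A failed GCM tag (tampered ciphertext, tag, nonce or
  # site, or the wrong vault key) returns nil; no partial plaintext is returned.
  def self.unseal(vault_key, entry)
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = entry_key(vault_key, entry[:salt])
    d.iv  = entry[:nonce]
    d.auth_tag  = entry[:tag]
    d.auth_data = entry[:site]
    d.update(entry[:ct]) + d.final
  rescue OpenSSL::Cipher::CipherError
    nil
  end
end
```

Sealing the same password for two sites produces two ciphertexts with no visible relation, and any modification of a stored record makes `unseal` return nil rather than a guessed plaintext.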