[aerogear-dev] Should encrypted store fail to open when passphrase is wrong?

Tadeas Kriz tkriz at redhat.com
Tue Jan 21 09:18:29 EST 2014 

On 21 Jan 2014, at 13:54, Bruno Oliveira <bruno at abstractj.org> wrote:

> 
> --  
> abstractj
> 
> On January 20, 2014 at 3:00:54 PM, Tadeas Kriz (tkriz at redhat.com) wrote:
>> 
>> Hey,
>> 
>> I know we’ve been discussing this before, but with no solution.  
>> I myself think, that the store should fail to open when the passphrase  
>> is wrong, because that’s where you’d like to have your “try ..  
>> catch ..” to handle the problem, not elsewhere, when you want  
>> to actually read/write/delete from the store, that’s just not  
>> very user friendly.
>>  
>> If the answer to that is YES, then the next question is, how to decide 
>> when the passphrase is right and when it isn’t. Again I’ll write 
> 
> Like I mentioned here (https://issues.jboss.org/browse/AGDROID-173), our goal to the very initial release was not to make anything perfect, but lay down the groundwork for encryption. So if you where you read “Experimental”, by that means, not perfect.
> 
> Offline authentication didn’t start yet, so that might happen. The API will be user friendly when become stable.

On one side, the API for DataManager is considered stable, because changing it is postponed for version 2.0.0, but on the other hand it’s not stable? I’m a bit confused right now. I completely agree with the decision to not change the DataManager API before 2.0.0, but that means the API should be almost perfect and the implementation might not be as good, because the implementation can be improved overtime.

>> more ways I’ve got on mind, that’d solve this. Important is, that  
>> none of them actually stores the passphrase!
>>  
>> On each call of ‘open()’:
>> 1. do ‘readAll()’ to ensure the passphrase is right. Basically,  
>> that’s what user has to do now to find out if the passphrase is right.  
>> 
>> 2. read the first row and if the read is successful, then the passphrase  
>> is right. In this case, we’d have to be 100% sure that there is no  
>> way to put data into the store with different key and thus all the  
>> rows are encrypted with the same passphrase.
> 
> We are aware of it, at the same time we didn’t add support for querying into the database. That’s planned, but not atm. Our focus was data encryption, optimizations will come with the next releases, for this reason a jiras like this existhttps://issues.jboss.org/browse/AGSEC-137 
> 

I’m not talking about optimisations there. The whole problem is about developer’s experience. Like I wouldn’t like to have to add try .. catch .. everywhere I’d like to read/save/delete from encrypted database, that’s just not cool.

>> 
>> 3. Save some metadata for each data model, that would be encrypted  
>> with the same passphrase and we’d read them and if successful,  
>> the passphrase is right. This has two possible implementations.  
>> 
>> a. The first row in the data model table would be reserved for the  
>> metadata, so the verification would work similarly to the option 
>> 2.
>> 
>> b. There would be separate table, in which we’d add a row for each  
>> data model table. Again, very similar to a. but without the pain  
>> of having different data in the same table. Also, if the implementation  
>> of SQLStore will become multi-table (instead of multi-database  
>> which is now), there would be only one table for all the metadata.  
>> 
>> So, what do you think?
> 
> Repeating what I said on that Jira, it seems too much. APIs like SQLCipher don’t do that.

You can’t compare EncryptedSQLStore with SQLCipher. Completely different way of encryption. SQLCipher encrypts the database page by page (mostly chunks of 1024 bytes), but EncryptedSQLStore encrypts only the data row by row individually (check [1] for very simple comparsion). That’s completely different approach. This way you can find out if the passphrase is right by calling basically any SQL command and an exception will be thrown if it won’t succeed. That’s something that cannot be achieved with current EncryptedSQLStore implementation. The EncryptedSQLStore already saves IV and Salt in separate table. It wouldn’t be a problem, performance issue or space issue to add one more row, which the EncryptedSQLStore would try to decrypt and if successful, that’d mean the passphrase is correct. The value of that row might be just an encrypted JSON with random key and value. That way, you’d check if the decrypted is valid JSON. There should be no security issue with that, or is there?

>> 
>> PS: For abstractj, I’ve been trying to find any library that would  
>> do the encryption on high-level, as AeroGear does, but couldn’t  
>> find any. There are many ways to encrypt SQLite database though  
>> they work on different approach of encrypting the whole database  
>> file, not just rows themselves.
> 
> That’s the reason why we’ve been working on it.
> 

I’m not saying “don’t work on it”. I’m just trying to help, so it'll have added value for the user.

>> 
>>>> Tadeas Kriz
>> tkriz at redhat.com
>> 
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev  

1 - http://i.imgur.com/u7WFNPJ.png
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140121/065f08a3/attachment-0001.html

More information about the aerogear-dev mailing list