-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make sync protocol resistant to manipulations #86
Comments
Some additional considerations:
|
Never mind, this is a bad idea, as there is no salt which is random enough and could be used here. Then it just needs a way to resolve the conflict if it happens. Sync needs to be disabled on the failing client and the client reconnected then. With identical master passwords this will just work and bring the clients in sync. With different master passwords or otherwise broken data, connecting should error out and offer to remove the data. |
The spec actually defines exactly which characters should be escaped and how. I tested this in Firefox and Chrome and it seems that we can rely on the results to be consistent. However, sorting keys is not possible. So I think that in order to sign the data we should convert our data object to an array of key/value pairs, sorted by key ( |
…hile keeping compatibility with format 2
Initial upload requires the master password, which will become problematic if autolock delay is set to 0. As I realized now, this is already an issue due to required rekeying. |
A bulk of this has been implemented, documentation has been updated as well. Better handling of edge conditions is still necessary. |
This can be considered resolved now, further UI enhancement is #103 now. |
The sync protocol as implemented in #24 still has some issues. While the storage provider cannot decrypt the data stored by PfP, they might still be able to tamper with it:
How this can be addressed:
syncRevision
field is added to the data, defaulting to 0 if not set (data created by previous version). A sync client should always increasesyncRevision
when replacing the data. It should also store the highestsyncRevision
value it has seen and only perform sync operation ifsyncRevision
increased. Seeing a lowersyncRevision
value should trigger a warning, the data has been tampered with.syncSignature
field containing an HMAC-SHA256 signature. The data signed should be a normalized representation of the data without thesyncSignature
field but withsyncRevision
(stringified JSON without whitespace with keys sorted). Clients should always verify the signature before accepting the data, signature mismatch should trigger a warning that the data has been tampered with.There is still one legitimate scenario where the revision number might decrease: if the user removes the data from the storage and syncs an unrelated instance to it then. An existing client should refuse to sync then, there is no way to tell that it isn't an old version of the data. The user can disable sync and reconnect to repair this.
The text was updated successfully, but these errors were encountered: