Summary
Iteration count: The iteration count for PBKDF2 is currently set at 1000 (src/services/CryptoHelper.ts, line 4 at f68ea19). This is extremely low (OWASP recommends a minimum of 600000 for PBKDF2-HMAC-SHA256) and allows attackers to brute-force the password used to encrypt a note.
Constant salt: The salt is set to a constant (src/CryptoHelper.ts, line 5 at f784e6d):

```ts
const salt = utf8Encoder.encode(navigator.userAgent);
```

The purpose of a salt is to make precomputed dictionary and rainbow-table attacks useless by making every derived key unique. This salt is constant in practice: the user-agent string is public and identical for every user running the same Obsidian build, so it adds neither secrecy nor per-note uniqueness. An attacker can therefore build a dictionary of PBKDF2 outputs once, cheaply given the iteration count above, and reuse it against every encrypted note of every user, which greatly speeds up brute-force attacks.
Suggested workarounds
- Preferably switch to a modern, memory-hard password-based key derivation function such as Argon2id; PBKDF2 is outdated and gives GPU/ASIC attackers a large advantage. Note that Argon2id is not available in the WebCrypto API, so this needs a WASM or JavaScript library.
- If PBKDF2 is kept, raise the cost parameters to at least the OWASP recommendation (600000 iterations for PBKDF2-HMAC-SHA256) and plan to increase them over time.
- Generate a fresh random salt (at least 16 bytes from crypto.getRandomValues) for each string/file that is encrypted. The salt is not secret and can be prepended to the ciphertext, where decryption reads it back before running the key derivation again. Storing a format-version marker alongside it lets notes encrypted under the old parameters still be decrypted after the change.
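The salt and iteration-count fixes from the list above, as an added example in TypeScript that is not the plugin's own code. It uses Node's built-in crypto module (pbkdf2Sync, AES-256-GCM) rather than the WebCrypto API the plugin runs on, so it works offline; the 600000 iteration count, the 16-byte salt, the salt || iv || ciphertext || tag layout and the stand-in user-agent string are assumptions. It keeps PBKDF2 rather than Argon2id because neither Node nor WebCrypto ship Argon2. The first part reproduces the weak constant-salt derivation to show why one precomputed table matches every note; the second part is the per-note random-salt scheme.

```typescript
import { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } from "node:crypto";

// Parameters of the weak scheme as reported in the issue.
const WEAK_ITERATIONS = 1000;
// Constructed stand-in for navigator.userAgent (assumption, not a real value).
const WEAK_USER_AGENT = "Mozilla/5.0 (Example) obsidian/1.0.0";

// Hardened parameters (assumed choices for this example, not the plugin's values).
const ITERATIONS = 600_000; // OWASP minimum for PBKDF2-HMAC-SHA256
const SALT_BYTES = 16;
const IV_BYTES = 12;        // AES-GCM nonce
const TAG_BYTES = 16;       // AES-GCM authentication tag
const KEY_BYTES = 32;       // AES-256 key

function deriveKey(password: string, salt: Buffer, iterations: number): Buffer {
  return pbkdf2Sync(password, salt, iterations, KEY_BYTES, "sha256");
}

// Weak derivation: constant salt and 1000 iterations. Everyone with the same
// password on the same build gets the same key, so one precomputed table fits all.
function weakDeriveKey(password: string, userAgent: string = WEAK_USER_AGENT): Buffer {
  return deriveKey(password, Buffer.from(userAgent, "utf8"), WEAK_ITERATIONS);
}

// Attacker side: precompute key -> password once for a candidate list.
function buildWeakTable(candidates: string[], userAgent: string = WEAK_USER_AGENT): Map<string, string> {
  const table = new Map<string, string>();
  for (const pw of candidates) table.set(weakDeriveKey(pw, userAgent).toString("hex"), pw);
  return table;
}

function lookupWeak(table: Map<string, string>, key: Buffer): string | undefined {
  return table.get(key.toString("hex"));
}

// Hardened: fresh random salt per encryption, stored in the clear in front of
// the ciphertext. Layout: salt(16) || iv(12) || ciphertext || tag(16).
function encrypt(password: string, plaintext: string): Buffer {
  const salt = randomBytes(SALT_BYTES);
  const iv = randomBytes(IV_BYTES);
  const key = deriveKey(password, salt, ITERATIONS);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, ct, cipher.getAuthTag()]);
}

function decrypt(password: string, blob: Buffer): string {
  const header = SALT_BYTES + IV_BYTES;
  if (blob.length < header + TAG_BYTES) throw new Error("ciphertext too short");
  const salt = blob.subarray(0, SALT_BYTES);       // read the salt back
  const iv = blob.subarray(SALT_BYTES, header);
  const ct = blob.subarray(header, blob.length - TAG_BYTES);
  const tag = blob.subarray(blob.length - TAG_BYTES);
  const key = deriveKey(password, salt, ITERATIONS);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the password is wrong or the data was tampered with.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Exposes the stored salt so a caller can confirm it differs per note.
function saltOf(blob: Buffer): Buffer {
  return blob.subarray(0, SALT_BYTES);
}
```

Two encryptions of the same note under the same password now produce different salts and therefore different keys and ciphertexts, so a table built against one note is useless against the next; the weak path shows the opposite, where a single table keyed by PBKDF2 output recovers the password for any note made with that build.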