Page 3 of 4
Posted: 2008-02-15, 01:51 UTC
by timsky
Mr. Ghisler are there any changes?
Posted: 2008-02-18, 17:29 UTC
by ghisler(Author)
TC 7.5 will use AES-256 from CryptoAPI with SHA256 (implemented inside of TC), I'm currently working exactly on this function. I haven't received any reply yet from the maker of the AES plugin, so sadly this function will be available only in Windows XP and later.
Perhaps someone else can take over the AES plugin if the author is no longer maintaining it. Only small changes will be needed, I can send detailed instructions if anyone would like to take over. The plugin uses Delphi, though, so the developper would need to be able to recompile the project with Delphi.
Posted: 2008-02-18, 18:31 UTC
by timsky
That's great!
When do you plan release TC 7.5?
Posted: 2008-02-21, 15:01 UTC
by octane
AES, well. Where will you store the encryption-key or will there a "master-password" for this SecStore?
Posted: 2008-02-21, 18:04 UTC
by StatusQuo
octane wrote:AES, well. Where will you store the encryption-key or will there a "master-password" for this SecStore?
I think this is answered
here:
ghisler(Author) wrote:The user will need to type it in every time a stored password is used (it may be remembered for a certain time)
Posted: 2008-02-21, 20:47 UTC
by ghisler(Author)
Currently my implementation works like this:
1. User uses Ctrl+F - New or Edit dialog
2. There is a new checkbox "Use master password to protect your passwords"
3. User enters FTP site password, checks the option in 2, and clicks OK
4. User is asked for master password
5. TC looks for ini file value AESVerify which contains a random value encrypted with the password in the form byte1 byte2 byte3 byte4. If the value is found, it is decrypted with the master password. If byte1=byte3 and byte2=byte4, then the password is OK. If not, TC shows an error.
6. If AESVerify is not found, TC asks user to confirm master password, then creates AESVerify value and stores it.
7. The ftp password is encrypted with the master password. For each password, a different random seed value is created and stored with the encrypted password. This is done so even if a user uses the same ftp password for two configurations, the encrypted data will be different.
8. The master password is remembered in memory, but not as a string, but instead in an array of pointers where each pointer points to one character. In addition, each character is XORed with a random value (different random value for each character). This way the password isn't stored in plain text in memory, except for a very short time when the AES key is derived.
9. The key is currently remembered until Total Commander is minimized. I also plan to add a user-configurable timeout. It would also be nice to "forget" the key when the screen saver kicks in - does anyone know how to detect that?
10. The AES master key is derived via SHA256 of the password and a seed value. In addition, that key is then encrypted 1000 times with another, random AES key which is stored in the wcx_ftp.ini. This method (which was implemented in some other password safe tool) is used to make brute force attacks very slow.
11. The password edit box doesn't react normally to WM_CHAR messages. Instead, I install a WH_KEYBOARD_LL (and if this isn't possible, WH_KEYBOARD) hook. Since the last-installed hook will be called first, this will override any keyloggers which have installed a hook before TC.
Any other suggestions to make that more secure?
Posted: 2008-02-21, 23:52 UTC
by StatusQuo
ghisler(Author) wrote:9. [...]It would also be nice to "forget" the key when the screen saver kicks in - does anyone know how to detect that?
BOOL WINAPI SystemParametersInfo( SPI_GETSCREENSAVERRUNNING, ... )
should give the info - at least passively, for Win2k and up.
Here is a workaround for NT4 / Win95 (using a hook; search for
SPI_GETSCREENSAVERRUNNING).
MSDN Lib link
Example in C
Example in VB6
Example in Python
Maybe a more active notification can be achieved by monitoring some system message,
like
WM_SYSCOMMAND Notification (
MSDN Link ) with parameter
SC_SCREENSAVE:
MSDN Lib wrote:A window receives this message [...]
SC_SCREENSAVE
Executes the screen saver application specified in the [boot] section of the System.ini file.
Example:
Code: Select all
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{ switch (message)
{ case WM_SYSCOMMAND:
{ switch (wParam)
{ case SC_SCREENSAVE:
[...]
, and another (very similiar) one, in a
bigger project
Posted: 2008-02-25, 08:29 UTC
by Lefteous
2ghisler(Author)
Your approach sounds very promising - especially when looking at the problems recently found in Truecrypt and FileVault. A few questions/remarks:
1. Which function do you use to delete data in memory?
2. It would be great if you would provide a password storing mechanism for plug-ins. Something like a key chain seen in other operating systems such as Linux or OS X.
Posted: 2008-02-25, 10:24 UTC
by m^2
ghisler(Author) wrote:9. The key is currently remembered until Total Commander is minimized.
I don't like it. It's surely security enchantment, but it's counterproductive.
Posted: 2008-02-25, 20:00 UTC
by ghisler(Author)
2StatusQuo
Thanks for the hints, but none of them worked. The SystemParametersInfo didn't return true on Windows 2000 when password protection of the screen saver was off, and the SC_SCREENSAVE notification is only sent to the program which currently has the focus, no other programs.
I did find a solution which works, though: When TC doesn't have focus, check with a timer whether there is a 'WindowsScreenSaverClass' window. This is for the case when there is no password protection, then the screen saver runs on the same desktop. Otherwise call OpenDesktop('Screen-saver',... and if it works, enumerate the windows on that desktop and check that they aren't on the same desktop as TC (this is necessary due to a bug in Windows).
2Lefteous
1. I simply overwrite it withv zeroes before freeing the memory.
2. I'm considering this too, but I need some way to prevent that plugin A stores some passwords, and then plugin B reads them and sends them to a cracker.
2m^2
What would you suggest then? You can't really expect that a user re-enters the password every time, this would be even more annoying as the Vista security dialogs.
Posted: 2008-02-25, 20:16 UTC
by Lefteous
2
ghisler(Author)
I simply overwrite it withv zeroes before freeing the memory.
You might consider using
SecureZeroMemory depending on how you currently zeroing the data.
I'm considering this too
Great
Posted: 2008-02-25, 20:23 UTC
by m^2
I suggest that forgetting in these situations should be optional.
IMO a button to forget password will do just fine for great majority of users.
ADDED: Actually my contact with Vista is the reason for this suggestion. Reentering the password every time I connect to ftp server after minimizing TC would be almost as annoying as what MS wants to sell us.
Posted: 2008-02-25, 23:55 UTC
by fenix_productions
Why not to make this re-entering optional?
If someone sets this in INI file it will be his fault only. The default settings should be "as less bothering as it possible".
Personally: I have KeePass locked each time its minimized. I can accept asking for master password every-time it is focused because I am using this app rarely. I think that some people will accept it for the prize of being safe.
PS. Will there be any possibility for the user to see what passwords he put for any FTP server?
Posted: 2008-02-26, 09:41 UTC
by m^2
fenix_productions wrote:PS. Will there be any possibility for the user to see what passwords he put for any FTP server?
Sure. You know
Revelation.
Posted: 2008-02-26, 11:35 UTC
by Hacker
fenix_productions,
The default settings should be "as less bothering as it possible".
Should the default settings not be "as secure as possible"?
Roman