
Password Manager desktop app


I have built a small password manager desktop app using Python. This app falls under the master-password model. The app connects to two databases stored locally. The first database stores the user's username for my app and the hashed (SHA-256 + salt) master password; it also stores an email for password recovery purposes. The second database stores the username, password and optionally the email for the app the user wants to save, for example (Stack Overflow). To encrypt data I'm using AES-CBC, a 16-byte IV which is hard-coded, and as the key the non-hashed master password, which is stored in RAM and is provided to the program when the user logs in. Is this a safe approach or completely vulnerable? (As a next step I will try memory scrubbing to erase sensitive data from RAM.)

samuel-lucas6
I'm extremely in favour of learning by doing. However, an important step is doing sufficient research beforehand, like reading up on the algorithms being used and looking at existing applications/protocols. If you had done that more, you would have done several things differently. For example, SHA-2 is inappropriate for password hashing, AES-CBC requires an unpredictable/random IV and provides no protection against tampering, and a password shouldn't be used directly as a key. Well done for seeking feedback though. I would recommend Argon2id and ChaCha20-Poly1305.
StavrosN
Thank you very much for your feedback Samuel. I will try to implement the changes you mentioned. I have only one question though. Since the app is designed to be used offline and all the data will be on the user's machine, is it possible to have a random IV? Because if you don't know the IV you can't decrypt the data to show to the user. And in order to know the IV you would have to store it locally, which is the same as hard-coding it? @samuel-lucas6
samuel-lucas6
The IV still needs to be stored, but it's randomly generated every time. By definition, hardcoded means it's a fixed value - aka non-random or the same IV for multiple encryptions. Did you mean it's random but stored?
StavrosN
I meant it had a fixed value. Let's say I generate a random IV for each app the user stores. For example, for App1 I generate IV1 and save it so that when the user requests to see the data of App1 the program gets it from a database and uses it together with a key to decrypt the data. But doesn't this defeat the purpose since IVs are visible?
samuel-lucas6
IVs/nonces are normally public; this shouldn't be a concern. However, AES-CBC cannot be used with the same key and IV pair as it leaks information about the first block of the message. Ideally, switch from AES-CBC because nobody uses it in new protocols. XChaCha20-Poly1305 allows randomly generating nonces safely. I'd recommend a library like [libsodium](https://doc.libsodium.org/).
StavrosN
Thank you for the help Samuel!
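As an added example, not code from the thread or from either poster: the three changes Samuel asks for, written out in Python so the difference from the original design is concrete. It assumes the third-party `cryptography` package; scrypt from the standard library and the 96-bit-nonce ChaCha20-Poly1305 that `cryptography` ships are stand-ins for the Argon2id and XChaCha20-Poly1305 that libsodium provides. The user record, entry ids and credential strings are constructed sample values.

```python
# Added example, not code from the thread. It shows the three changes Samuel
# asks for: a real password-hashing KDF instead of salted SHA-256, a key
# derived from the master password instead of the password itself, and an
# AEAD with a fresh random nonce instead of AES-CBC with a fixed IV.
# Assumes the third-party `cryptography` package; scrypt (hashlib, stdlib) and
# the 96-bit-nonce ChaCha20-Poly1305 stand in for the Argon2id and
# XChaCha20-Poly1305 that libsodium provides.
import hashlib
import hmac
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

# Assumed cost parameters for an interactive login (16 MiB of memory).
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}
NONCE_LEN = 12


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """One expensive KDF call yields two independent 32-byte keys:
    a login verifier (safe to store in database 1) and the vault key
    (kept only in RAM while the user is logged in)."""
    km = hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                        dklen=64, **SCRYPT_PARAMS)
    return km[:32], km[32:]


def register(master_password: str) -> dict:
    """Create the record that database 1 stores for a new user."""
    salt = os.urandom(16)  # per-user random salt, stored next to the verifier
    verifier, _ = derive_keys(master_password, salt)
    return {"salt": salt, "verifier": verifier}


def login(record: dict, master_password: str):
    """Return the vault key on success, None on a wrong password.
    The plaintext master password is not retained; the derived key is."""
    verifier, vault_key = derive_keys(master_password, record["salt"])
    if not hmac.compare_digest(verifier, record["verifier"]):
        return None
    return vault_key


def encrypt_entry(vault_key: bytes, entry_id: bytes, plaintext: bytes) -> bytes:
    """Encrypt one saved credential. The nonce is random per call and stored
    in front of the ciphertext: public, but never reused with this key.
    entry_id is bound as associated data so a blob cannot be moved
    between entries without the tag check failing."""
    nonce = os.urandom(NONCE_LEN)
    ct = ChaCha20Poly1305(vault_key).encrypt(nonce, plaintext, entry_id)
    return nonce + ct


def decrypt_entry(vault_key: bytes, entry_id: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt_entry; raises InvalidTag if the blob was tampered with."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return ChaCha20Poly1305(vault_key).decrypt(nonce, ct, entry_id)


def tampered_blob_is_rejected(vault_key: bytes, entry_id: bytes, blob: bytes) -> bool:
    """Flip one ciphertext byte and confirm decryption refuses it
    (AES-CBC without a MAC would silently return garbage instead)."""
    i = len(blob) - 1
    bad = blob[:i] + bytes([blob[i] ^ 0x01]) + blob[i + 1:]
    try:
        decrypt_entry(vault_key, entry_id, bad)
    except InvalidTag:
        return True
    return False


def cbc_fixed_iv_leak(key: bytes) -> bool:
    """Reproduce the defect in the original design: with a fixed IV, two
    entries whose first 16 bytes match produce an identical first ciphertext
    block, so the stored database reveals which entries share a prefix."""
    fixed_iv = b"\x00" * 16  # constructed stand-in for the hard-coded IV

    def enc(pt: bytes) -> bytes:
        e = Cipher(algorithms.AES(key), modes.CBC(fixed_iv)).encryptor()
        return e.update(pt) + e.finalize()

    a = enc(b"user=alice@ex.io" + b"pw=hunter2!!!!!!")  # two 16-byte blocks
    b = enc(b"user=alice@ex.io" + b"pw=correct horse")
    return a[:16] == b[:16]  # True: the shared first block is visible


if __name__ == "__main__":
    rec = register("correct horse battery staple")
    key = login(rec, "correct horse battery staple")
    blob = encrypt_entry(key, b"stackoverflow", b"user=StavrosN;pw=example")
    print(decrypt_entry(key, b"stackoverflow", blob))
    print("tamper rejected:", tampered_blob_is_rejected(key, b"stackoverflow", blob))
    print("fixed-IV CBC leaks prefix:", cbc_fixed_iv_leak(os.urandom(32)))
```

The nonce stored in front of each blob answers the "IVs are visible" question: it is public by design, and the only requirement is that it is never repeated under the same key. The 96-bit nonce used here is fine for the handful of entries a personal vault holds; libsodium's XChaCha20-Poly1305, which the thread recommends, has a 192-bit nonce and removes even that consideration.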