Let’s be honest, I like ranting, but unlike others, I dont like to rant without at least having a point.
And the point of this rant is Steganos’ new Update of it’s Privacy Suite and it has some neat features like converting Partitions on your drive into safes, but there’s one of these which is the biggest joke I have seen in a long time.
2 Factor Authentication!
2FA isnt a bad thing in general, after all I have put this as an important point on my list of my Secure Authentication Tutorial. but this only applies when authentication alone can truly solve something, for example if you have a data flow which you can cut access to, for example my email account or the access to my Account here on this blog are secured by 2FA because the blog itself can deny access to the administration panel because nobody can get onto the server here aside fromthe hosting company and myself obviously. a cloud is another good example. They have your data and they can say “you wont get your data unless you have proven us that you are truly you”.
But this concept doesnt work so well for encrypted, locally stored safes. All the data is only there and it only needs to be decrypted. so you have to make sure that the encryption and the keys are strong, which is basically done over your password.
I am not saying there cant be 2FA for Encryption, actually there is 2FA for Things like this. Smartcards. Essentially an extremely secure crypto-processor, which also stores the key and only does anything after authentication happened (aka you enetered your PIN) and the safe’s data would be encrypted using the public key of the smartcard, needing its private key to decrypt it, and authentication on the smartcard works beautifully because smartcards are made in a way that you CAN NOT ACCESS ANYTHING stored on them and instead they act as a black box and do the work for the computer, meaning the computer will never learn the key.
And even Keepass has an effective means of 2FA. Effective doesnt mean good though since it is in my opinion a huge misuse of the HOTP standard, but it certainly is effective if the internals are done properly.
Well back to Steganos. Steganos Promises 2FA using Apps like Google Authenticator or (more importantly), Authy. why is Authy so important? well, not without reason, authy cannot do classic, counter-based HOTPs, meaning it can only do Time-based HOTPs, also called TOTP, so what’s the whole point, you ask? Well let me tell you.
Unlike Keepass misusing Counter-OTPs where it precomputes the next OTP(s) and uses those to encrypt, Steganos can’t do that. it is not sure when this safe will be ever opened, meaning if it would use an OTP from some arbitrary time and the user doesnt decrypt it that time, they wont be able to do so ever unless they changed their clocks to that arbitrary time, definitely not good for user interaction, so the only way that stays is to verify the TOTP while encrypting, and refusing to decrypt unless the right TOTP is entered.
And this is the exact point of it.
Even if Steganos can refuse to decrypt the safe, someone else can write a software that does the decryption and just doesnt care about the OTPs since the password is the only thing truly securing the safe anyway.
And I am not even finished. The Verification of the OTP occurs on the same PC you use to enter the OTP and decrypt the safe. in case of keepass the OTPs are part of the encryption key, meaning the shared secret is not needed for validating the OTPs because without the correct OTPs, the safe just wont decrypt, and you only need to access the secret once, when closing the safe and precalculating the next OTP for encryption.
In contrast with Steganos having to do a direct validation by calculating the correct OTP, it has to access the shared secret in the decryption stage, which is the big problem. because while the check happens the shared secret has to be in RAM to be inserted into the HMAC algorithm. This means by accessing the RAM an attacker who has just the password can read the secret, and use that to calculate the correct OTP himself, thereby completely shattering the second factor.
This basically makes version 19 a big joke because if they implement this, I dont honestly know whether they do the real crypto in any correct way. and I would be very careful using a software with a big security fail like this. probably the real encryption is strong and good but the inclusion of this feature in this way clearly shows that someone clearly incompetent is making decisions.