800+ IT
News
als RSS Feed abonnieren๐ Turtlapp was recently audited
๐ก Newskategorie: Linux Tipps
๐ Quelle: reddit.com
https://turtlapp.com/ is known as a The secure, collaborative notebook. It is a small project which is considered for note taking and can be used as note taking with real-time sync.
AUDIT WAS DONE BY Johannes Hald.
I myself am a user of Turtl and I love the application but I really hope the developer fixes all the issues and find the help from the community he needs. I really wish him luck!
Here's the link to the blog post: https://turtlapp.com/2021/07/audit-of-turtl-core/
IDENTIFIED ISSUE:
- The libsodium3wrapper sodiumoxide, provides an initialization function that ensures, among other things, thread-safety when accessing the PRNG. This PRNG is used to generate cryptographic key material used to secure data. Sodiumoxide is used in Turtl, but the initialization check is never performed. As such, the use of sodiumoxide poses a thread-unsafety risk. Turtl must include a check for correct initialization, whenever Turtl is launched.
- It is possible for users to host their own Turtl servers. For this purpose, Turtlhas a configuration option intended to allow self-signed certificates. You can find it on the github as well as on the audit pdf (which I will link at the end of the thread) about for more information on how to.
- Running cargo-audit7on the Turtl project reports 10 dependencies with security issues and other problems. These dependencies must be updated and a new Turtl version must be released.
- Turtl randomly generates 12-byte nonces to be used with ChaCha20-Poly1305.This is considered unsafe, due to the risk of collision for a 12-byte nonce. If a collision occurs, a nonce-reuse scenario will break confidentiality and authenticity of data encrypted with the corresponding key.
โ
pub fn encrypt(key: &Key, plaintext: Vec<u8>, op: CryptoOp) -> CResult<Vec<u8>> { let version = CRYPTO_VERSION; match op.algorithm { "chacha20poly1305" => { let nonce = match op.nonce { Some(x) => x, None => low::chacha20poly1305::random_nonce()?, } This can be avoided by either using an incremental nonce, or switching to theXChaCha20-Poly1305 construction, for which it is save to randomly generate nonces.
- When a user logs in to Turtl, their email and password will be used to derivea master key. This master key is, in part, used to construct the authentication token that authenticates the user to the Turtl server.
โ
/// Generate a user's auth token given some variables or something pub fn generate_auth(username: &String, password: &String, version: u16) ->TResult<(Key, String)> {โชโ info!("user::generate_auth() -- generating v{} auth", version); let key_auth = match version { 0 => { let key = generate_key(username, password, version)?; let nonce_len = crypto::noncelen(); let nonce =(crypto::sha512(username.as_bytes())?)[0..nonce_len].to_vec();โชโ let pw_hash =crypto::to_hex(&crypto::sha512(&password.as_bytes())?)?;โชโ let user_record = String::from(&pw_hash[..]); let op = crypto::CryptoOp::new_with_nonce("chacha20poly1305",nonce)?;โชโ let auth_bin = crypto::encrypt(&key,Vec::from(user_record.as_bytes()), op)?;โชโ let auth = crypto::to_hex(&auth_bin)?; (key, auth)} _ => return TErr!(TError::NotImplemented), }; Ok(key_auth) } The above function defines the generation of aforementioned authentication tokens. When sent over an insecure channel, these authentication tokens may leak whether or not a user has changed their password, by comparing two different authentication tokens, because the nonce is a hash of the username. The authentication tokens are also not session-dependent. This means, an attacker may record an authentication token for a given user at one point, and use it to impersonate the user at a later time. The above is possible, only if the server and client do not communicate securely using TLS. In general, the design of these tokens seem unnecessarily complex, which is why the recommendation is to move to another authentication token form at altogether (such as PASETO or Branca) or simply authenticate the user based on password hashes instead.
Suggested Improvements:
- Set size-limit for files or encrypt them in chunks.
- Document that backups are not encrypted.
- Make the salt used for generating invite keys random.
- Add additional protections for the key type.
- Weak minimum length requirement for password.
SUMMARY:
It was found that Turtl currently lacks security-related maintenance updates. A number of dependencies are affected by reported security issues, which may put user-data at risk.Even though TLS between server and client is optional, the security of communication between the two, relies heavily upon the use of it. Turtl should not be used without TLS and, according to the developers of Turtl, TLS is also highly recommended. Further, the Turtl server should not currently be used with self-signed certificates (see TURTL-002).
LINKS:
Application: Website, Download
Blogpost: https://turtlapp.com/2021/07/audit-of-turtl-core/
Security Audit report: https://turtlapp.com/files/turtl_audit_2021-05-05.pdf
Auditor's blogpost: https://brycx.github.io/2021/05/02/turtl-audit.html
Auditor's website: https://brycx.github.io/
[link] [comments] ...