Keepassxc: Key derivation transformation seed stays the same on every save.

Created on 9 Oct 2017 · 3 Comments · Source: keepassxreboot/keepassxc

Expected Behaviour

  • the key derivation should use a random seed every time the key is used for saving

Current Behaviour

  • the seed is created (or loaded) only once and then reused every time the database is saved, iff no key change happened

Possible Solution

  • generate a random transformation seed every time the database is stored

Debug Info


KeePassXC - 2.21
Revision: 2bce9c8add07226e9a05e9e0fd0e5e66b236d5b6

Operating system: macOS 10.12
CPU architecture: x86

Labels: bug, high priority, security

All 3 comments

The master seed and encryption IV are regenerated every time the database is saved: https://github.com/keepassxreboot/keepassxc/blob/3e84c0a91a5281240d9e5db814a512c458957520/src/format/KeePass2Writer.cpp#L48
The transform seed, however, is not. There is no real incentive behind this other than that it was carried over from KeePassX and we never touched that part of the code. I don't know if the original author did it as a (questionable) performance optimization or simply forgot to regenerate it. I do agree that this should be changed.
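The contrast the comment draws (master seed and IV fresh on every save, transform seed carried over) and the fix proposed in the issue (a fresh transform seed on every store) can be checked with a small simulation. This is an added example, not KeePassXC code: the header dataclass and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 stands in for KeePass's AES-KDF because the Python standard library has no AES. The property being demonstrated is the same for both: the transformed key is a deterministic function of the composite key and the seed, so a reused seed reproduces the same transformed key across saves.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed stand-in for the KeePass 2 header fields relevant to this issue.
# Names are illustrative, not KeePassXC's own types.
@dataclass(frozen=True)
class SavedHeader:
    master_seed: bytes      # regenerated on every save
    encryption_iv: bytes    # regenerated on every save
    transform_seed: bytes   # the field this issue is about
    transform_rounds: int


def transform_key(composite_key: bytes, transform_seed: bytes, rounds: int) -> bytes:
    """Key transformation step (stand-in for KeePass's AES-KDF).

    AES-KDF encrypts the composite key with AES keyed by the transform seed
    `rounds` times; PBKDF2-HMAC-SHA256 is used here instead. Either way the
    output depends on the seed, and reusing the seed reproduces the output.
    """
    return hashlib.pbkdf2_hmac("sha256", composite_key, transform_seed, rounds)


def save_database(composite_key: bytes, rounds: int,
                  previous: Optional[SavedHeader] = None,
                  regenerate_transform_seed: bool = True) -> Tuple[SavedHeader, bytes]:
    """Simulate one save: return the header written and the transformed key."""
    master_seed = os.urandom(32)     # fresh every save, as in KeePass2Writer
    encryption_iv = os.urandom(16)   # fresh every save, as in KeePass2Writer
    if previous is not None and not regenerate_transform_seed:
        # Reported behaviour: the seed loaded with the database is written back unchanged.
        transform_seed = previous.transform_seed
    else:
        # Proposed fix: a fresh random seed on every save, like master seed and IV.
        transform_seed = os.urandom(32)
    header = SavedHeader(master_seed, encryption_iv, transform_seed, rounds)
    return header, transform_key(composite_key, transform_seed, rounds)


def save_twice(composite_key: bytes, rounds: int, regenerate_transform_seed: bool):
    """Save, then save again from the loaded header; return both headers and keys."""
    header1, key1 = save_database(composite_key, rounds)
    header2, key2 = save_database(composite_key, rounds, previous=header1,
                                  regenerate_transform_seed=regenerate_transform_seed)
    return header1, key1, header2, key2


def stale_transform_still_valid(composite_key: bytes, rounds: int,
                                regenerate_transform_seed: bool) -> bool:
    """True if the transformed key computed for the first file also fits the second.

    With the seed reused, the expensive transformation done once for an older
    copy of the file is still valid for every later copy; with a fresh seed on
    each save, it has to be redone per copy. That is the cost the fix restores.
    """
    _, key1, _, key2 = save_twice(composite_key, rounds, regenerate_transform_seed)
    return key1 == key2


if __name__ == "__main__":
    key = b"constructed composite key"   # constructed sample input
    for regenerate in (False, True):
        h1, _, h2, _ = save_twice(key, 1000, regenerate)
        print("regenerate =", regenerate,
              "| transform seed reused:", h1.transform_seed == h2.transform_seed,
              "| stale transform valid:", stale_transform_still_valid(key, 1000, regenerate))
```

Running the block prints one line per mode: with `regenerate = False` the transform seed is reused and the old transformed key still matches; with `regenerate = True` both change on every save while master seed and IV change in either mode.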

@droidmonkey I fixed the issue and can send a pull request if you want.

https://github.com/rockihack/keepassx/commit/1b0e1c2dfba2adb579ddcf5e1afea66d4afdc56e

Yes, please do. Target for 2.2.2.
