Keepassxc: Argon2 Default Memory Setting Too High for iOS Auto Fill App

Created on 18 Sep 2019 · 5 Comments · Source: keepassxreboot/keepassxc

Expected Behavior

Default new database Argon2 Memory setting should not cause an iOS Auto Fill crash.

Current Behavior

At the moment the current default seems to be 128MB. This will immediately blow the iOS App Extension memory quota and cause a silent crash in iOS Password Auto Fill contexts.

Possible Solution

Change the default memory setting for Argon2 to something like 32/64MB.

Steps to Reproduce

  1. Create a new database and add to your favourite iOS KeePass app (e.g. Strongbox or Keepassium)
  2. Enable iOS Autofill for this password manager
  3. Try to perform an auto fill in Safari or other app

Context

Hi guys, I'm the developer of Strongbox, the iOS KeePass app. Love your work, kudos! Unfortunately I get a lot of support requests now from people who have used your app on Mac and love it. However because of the default setup, they create databases with default Argon2 memory of 128MB.

This means that they will experience a crash whenever they try to use Auto Fill on iOS due to memory limitations of App Extensions on that platform (I believe the quota is about 100MB, Apple doesn't provide reference figures for this).

This crash is silent, it just terminates the app and doesn't fill in the user's credentials. Obviously this is a terrible experience for the user.

I was wondering if it would be possible to reduce this parameter to something like 32/64 MB or something like that? Possibly increasing the CPU cost instead to compensate? This would lead to an all around better experience for the user in the KeePass ecosystem.

Currently I have to try to warn them in app, often ignored, and then when/if they eventually mail support, I have to ask them to change this setting manually.

Thanks for your consideration in advance!
Best wishes,
-Mark

Debug Info

KeePassXC - Version 2.4.3
Revision: 5d6ef0c

Qt 5.12.3
Debugging mode is disabled.

Operating system: macOS Mojave (10.14)
CPU architecture: x86_64
Kernel: darwin 18.7.0

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey
  • TouchID

Cryptographic libraries:
libgcrypt 1.8.4

bug high priority

All 5 comments

Oh wow good to know, 64MB seems sufficient. Argon2 is pretty difficult for phones in general. Since we calculate the CPU cost to achieve a 1 second KDF time, this shouldn't impact security.

Thanks for the quick response!

Yes, it's quite an intensive KDF on mobile devices... This would really help people on iOS. I'll probably start actively asking users in app with Argon 2 Memory > 64 if they want to reduce it for better Auto Fill experience.

I can throw together a quick how-to image for KeePassXC to lower the memory usage. We currently hide that behind an "advanced" view.

That would be greatly appreciated, I try to walk users through it over email, but a how-to of some sort would be amazing. Thanks!

Thank you very much
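
The check discussed in this thread (flag a database whose Argon2 memory cost is above 64 MiB) can be done from the unencrypted KDBX header alone, without the master key. The sketch below is an added example, not code from KeePassXC or Strongbox. It assumes the KDBX 4 header layout (field id 11 holding a VariantDictionary whose "M" entry is the Argon2 memory cost in bytes); the function names and the sample header are constructed for illustration.

```python
import struct

KDBX_SIG = (0x9AA2D903, 0xB54BFB67)  # KDBX magic numbers
FIELD_END, FIELD_KDF = 0, 11         # KDBX 4 outer-header field ids (assumed layout)
LIMIT_MIB = 64                       # ceiling suggested in this thread

def parse_variant_dict(buf: bytes) -> dict:
    """Decode a KDBX 4 VariantDictionary; integers are decoded, the rest stay bytes."""
    out, pos = {}, 2                 # skip the 2-byte dictionary version
    while pos < len(buf) and buf[pos] != 0:      # type 0 ends the dictionary
        vtype, klen = struct.unpack_from("<BI", buf, pos)
        key = buf[pos + 5:pos + 5 + klen].decode("utf-8")
        pos += 5 + klen
        (vlen,) = struct.unpack_from("<I", buf, pos)
        raw = buf[pos + 4:pos + 4 + vlen]
        if len(raw) != vlen:
            raise ValueError("truncated dictionary value")
        pos += 4 + vlen
        out[key] = int.from_bytes(raw, "little") if vtype in (0x04, 0x05) else raw
    return out

def kdf_params(header: bytes) -> dict:
    """Return the KDF parameters stored in the unencrypted KDBX 4 header."""
    sig1, sig2, version = struct.unpack_from("<III", header, 0)
    if (sig1, sig2) != KDBX_SIG or version >> 16 != 4:
        raise ValueError("not a KDBX 4 file")
    pos = 12
    while pos + 5 <= len(header):
        fid, size = struct.unpack_from("<BI", header, pos)
        pos += 5
        if fid == FIELD_KDF:
            return parse_variant_dict(header[pos:pos + size])
        if fid == FIELD_END:
            break
        pos += size
    raise ValueError("no KDF parameters in header")

def exceeds_autofill_budget(header: bytes, limit_mib: int = LIMIT_MIB) -> bool:
    """True if the Argon2 memory cost ("M", in bytes) is above limit_mib."""
    mem = kdf_params(header).get("M")            # absent for AES-KDF
    return mem is not None and mem > limit_mib * 1024 * 1024

def sample_header(mem_bytes: int) -> bytes:  # constructed input, not a real database
    def item(t, k, v):
        return bytes([t]) + struct.pack("<I", len(k)) + k + struct.pack("<I", len(v)) + v
    p, m = struct.pack("<I", 2), struct.pack("<Q", mem_bytes)
    vd = b"\x00\x01" + item(0x04, b"P", p) + item(0x05, b"M", m) + b"\x00"
    head = struct.pack("<III", *KDBX_SIG, 0x00040000)
    return head + struct.pack("<BI", FIELD_KDF, len(vd)) + vd + struct.pack("<BI", FIELD_END, 0)
```

For a real file, pass the first few kilobytes of the `.kdbx` to `exceeds_autofill_budget`; the KDF parameters sit before any encrypted data.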
