Td: setEncryptionKey Usage

Created on 8 Apr 2018 · 9 comments · Source: tdlib/td

Hello!

Usability question. Should I let the user choose the encryption key, or generate it randomly?
Which path is better (or recommended)?

All 9 comments

To achieve optimal security, it is recommended to store a random 256-bit key in a hardware security module (HSM), which becomes accessible only after the user enters their password.

If an HSM is not available but the application doesn't need to work in the background, you can achieve extra security by asking the user for their password before the app does anything and using PBKDF2-HMAC-SHA256 on the user's password with a sufficiently large number of iterations, e.g. 100,000. (This solution is acceptable for desktop applications where the user doesn't rely on notifications arriving in the background when they are not using the app.)

If the application must work in the background without user interaction but an HSM is available, you can store a random key in the hardware security module and receive it using a constant password. (This gives some added security because data can't be accessed simply by copying the database; access to the device is still required.)

In case an HSM is not available and the application must be able to work without user interaction in the background, then it is hardly possible to achieve better security than TDLib provides by default, so you can use an empty key with setEncryptionKey. (This situation is most common for mobile devices – and the majority of mobile devices require root access to access the database. A scenario where an attacker has root access is a game-over scenario in any case, so this is acceptable.)

@levlam if I understand correctly, for a custom Telegram app I should use PBKDF2-HMAC-SHA256 of the password entered by the user (because the smartphone has no HSM)?

Yes. If there is no HSM, the best you can do is to use PBKDF2-HMAC-SHA256 of user password.

@levlam I'm sorry, I'm confused.
How exactly should I use the hash? I have never worked with user passwords before, please help.

  1. I ask the user to input a password
  2. I hash it with PBKDF2-HMAC-SHA256 with a random salt
  3. I use that hash for encryption and store it in the file system?

Or

  1. I ask the user to input a password and store it as plain text
  2. I hash it with PBKDF2-HMAC-SHA256 with a public salt (that only the developer knows)
  3. I use that hash for encryption?

Please explain to me how to use password hashing, because both scenarios are not looking good IMHO.

  1. You ask the user to input a password
  2. You hash it with PBKDF2-HMAC-SHA256 with a random salt generated on the client and stored somewhere.
  3. You use that hash as the encryption key.
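The three-step procedure above, and the PBKDF2-HMAC-SHA256 option from the first answer, as a worked example. This is added example code, not TDLib's own code and not code posted by anyone in this thread. It derives the 256-bit database key from the user's password, keeps only the random salt and iteration count on disk (never the password or the key), and also covers the later question in the thread about changing the password: derive the old key to open the database, derive a new key under a fresh salt, and persist the new parameters only after TDLib has accepted the key change. The JSON parameter-file layout, the `MIN_ITERATIONS` floor, and all function names are assumptions of this example; the 32-byte result is what the client hands to TDLib as the database encryption key, whatever the binding's method is called.

```python
import hashlib
import json
import secrets

KEY_LEN = 32                 # 256-bit key, as recommended in the thread
SALT_LEN = 16                # 128-bit random salt, generated on the client
DEFAULT_ITERATIONS = 100_000 # the iteration count suggested in the thread
MIN_ITERATIONS = 10_000      # assumption: reject a parameter file weakened below this
KDF_NAME = "pbkdf2-hmac-sha256"


def derive_key(password, salt, iterations=DEFAULT_ITERATIONS):
    """PBKDF2-HMAC-SHA256 of the user's password; returns the 32-byte database key."""
    if isinstance(password, str):
        password = password.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=KEY_LEN)


def new_kdf_params(iterations=DEFAULT_ITERATIONS):
    """Fresh random salt plus the KDF settings. This dict, not the key, is what gets stored."""
    return {"kdf": KDF_NAME,
            "salt": secrets.token_bytes(SALT_LEN).hex(),
            "iterations": iterations}


def serialize_params(params):
    """Text to write next to the database (assumed JSON layout)."""
    return json.dumps(params, sort_keys=True)


def parse_params(text):
    """Load stored KDF settings, refusing anything that would weaken derivation.
    Someone who can edit this file can already copy the database; the checks
    guard against a corrupt or downgraded file, not against a root attacker."""
    params = json.loads(text)
    if params.get("kdf") != KDF_NAME:
        raise ValueError("unsupported KDF: %r" % params.get("kdf"))
    salt = bytes.fromhex(params["salt"])
    if len(salt) != SALT_LEN:
        raise ValueError("unexpected salt length")
    iterations = int(params["iterations"])
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count too low")
    return {"kdf": KDF_NAME, "salt": salt.hex(), "iterations": iterations}


def key_from_params(password, params):
    """Re-derive the key at start-up from the password the user just typed."""
    return derive_key(password, bytes.fromhex(params["salt"]), params["iterations"])


def rotate_password(old_password, new_password, params):
    """Keys for a password change. The caller opens the database with old_key,
    asks TDLib to switch it to new_key, and only then overwrites the stored
    parameters with new_params; a fresh salt is used for the new password."""
    old_key = key_from_params(old_password, params)
    new_params = new_kdf_params(params["iterations"])
    new_key = key_from_params(new_password, new_params)
    return old_key, new_key, new_params


if __name__ == "__main__":
    # Constructed demo values; a real client reads the password from the user.
    params = new_kdf_params()
    key = key_from_params("correct horse battery staple", params)
    stored = serialize_params(params)       # write this to disk beside the database
    again = key_from_params("correct horse battery staple", parse_params(stored))
    assert key == again and len(key) == KEY_LEN
    print("kdf params on disk:", stored)
    print("database key (hex):", key.hex())
```

This answers the "can't the attacker just copy the hash too?" worry in the next comment only partially, by design: the file on disk holds the salt and the iteration count, not the key, so an attacker who copies both files still has to run 100,000 PBKDF2 iterations per password guess. It does nothing against an attacker who can read the device's memory while the app is running or who obtains the password itself, which is the point the answers in this thread keep returning to.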

I understand that it is becoming more of a discussion, but I do not understand.

If I use a hash of a password for encryption, why can't an attacker copy the db and the hash of the password from the device too? He can get the data with those files, right?

I'm developing for Sailfish OS and there is no secure place to store a password. And also I can't ask the user to enter a password every time, it's annoying (even TelegramX does not ask for that). And I'm planning to release the code on GitHub.
So for security I have to either ask the user for a password or not encrypt at all?

Sorry to bother, I have never worked with encryption before.

Thanks in advance.

@blacksailer As I've said in the first answer: "If a hardware module isn't available and the application must work without user interaction, then it is hard to achieve security better than that provided by TDLib by default, so an empty key may be used". Basically, if the application should work without the user's password, there is no way to make it really secure. So, if you have something like a passcode, you can reuse it as a password for generating the database encryption key. If the application can be killed at any time, but should be able to work without re-entering the password, then it can't be additionally secured and an empty encryption key is the way to go.

@levlam thanks for the answer! Is it possible to re-encrypt with setEncryptionKey? (of course knowing the old password)

@isopen Don't be sad, be awesome instead.

@blacksailer You can use setEncryptionKey any time to change database encryption key.
