VirtualBox

Opened 9 years ago

Closed 8 years ago

#14276 closed defect (fixed)

Disk encryption password policy and PBKDF2 parameters

Reported by: hds Owned by:
Component: other Version: VirtualBox 5.0.0
Keywords: password policy, PBKDF2 Cc:
Guest type: all Host type: all

Description

Hello, I think I have found two issues with the new encryption feature of VirtualBox:

  1. There is no password policy enforcement, this could be abused to easily decrypt disks if passwords such as 123, admin, virtualbox, etc are used.
  2. The key derivation function used by the plugin (PBKDF2) is only using 2000 iterations, it would be good if this parameter could be modified or have a higher value as this is just used once in the password verification.

Thanks!

Change History (6)

comment:1 by hds, 9 years ago

Hello, I would like to add something:

  1. Salt parameter used by the PBKDF2 is not following the standard. It is using 32 bits instead of 64 bits as proposed in https://tools.ietf.org/html/rfc2898#section-4.1 or 128 bits as proposed in http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf.

Thanks!

comment:2 by aeichner, 9 years ago

Our salt is 256 _bits_ which is 32 bytes. Where did you see that we would only use a 32bit salt?

Regardings the number of iterations for PBKDF2: http://www.ietf.org/rfc/rfc2898.txt suggests at least 1000 iterations and we use double the amount so this should be safe for now but we might make this configurable in the future or adapt to this dynamically based on the CPU power of the host where the store is created.

comment:3 by aeichner, 9 years ago

Actually that spec is from 2000 and compute power has increased a lot since then. We are looking into increasing the iteration count for the next maintenance release.

comment:4 by hds, 9 years ago

Hello, sorry! it is a 256 bits salt as you said, my mistake.

Thank you for consider increasing the iteration count, it would be great to have an option to configure it.

Did you consider to enforce password policy too?

Thanks!

comment:5 by Frank Mehnert, 9 years ago

I don't think that enforcing a password policy makes sense. It's the data of the user and he is responsible for choosing an appropriate password. If he want's to shoot into his own foot the software has a hard time to prevent that. A password policy is always based on estimates.

comment:6 by aeichner, 8 years ago

Resolution: fixed
Status: newclosed

The second point of this ticket is fixed by now, the iteration count is dynamically chosen based on the power of the CPU encrypting the disk. As Frank always stated the first point will not be fixed as it is the responsibility of the user to choose a secure password. Closing this defect.

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use