
How safe is my password if fingerprint is enabled in KeepassDroid?

Open cy18 opened this issue 7 years ago • 6 comments

The fingerprint feature of keepassdroid is very convenient and I love it. However, I'm wondering about the safety.

I'm not an Android developer so I have no idea how fingerprint authorization works. But the main password should be saved somewhere in the phone. My question is:

  1. Can a normal app with storage permission get the main password?
  2. Can an app with root access get the main password?
  3. How about an app under xposed framework?
  4. What if there's a backdoor in my Android ROM?

According to my common sense, I think the answer would be No Yes Yes Yes. Is this true?

cy18 avatar Jan 07 '18 06:01 cy18

Fortunately, the password is not stored when you use the fingerprint. So unless there is a breach in the hash function or in the fingerprint keystore: No, No, Normally No, Maybe (Of course I don't speak of keyboard sniffers or clipboard, but it's another question). Your password is hashed and the hash is linked to a fingerprint in the dedicated fingerprint keystore which is only accessible by the API of the current application. (I also added a parameter to remove fingerprint keys by database in my fork! ;) )

J-Jamet avatar Apr 04 '18 14:04 J-Jamet

@J-Jamet Thank you for your reply.

So the password is not stored, but the hashed password is. As far as I can see, if someone gets the hash, he should be able to decrypt the keepass file without the original password, am I right?

If the question changes to the hash of the password, is it still No, No, Normally No, Maybe?

Thank you.

cy18 avatar Apr 04 '18 14:04 cy18

You can't directly get a password from a hash, but it can be retrieved by a brute-force attack (https://en.wikipedia.org/wiki/Cryptographic_hash_function). Here the password is serialized in Base64 and encrypted with a Cipher (https://developer.android.com/reference/javax/crypto/Cipher.html) and stored in the Fingerprint Keystore (https://developer.android.com/training/articles/keystore.html), so it's basically the same encryption technique as the kdbx files themselves but with a fingerprint hash to find a known fingerprint that decrypts the password (the explanation was shortened in the previous message).

J-Jamet avatar Apr 04 '18 16:04 J-Jamet

As I read from https://keepass.info/help/base/security.html, the kdbx files are encrypted by AES-256 (or ChaCha20). The AES-256 key is derived from the password (and/or a key file, a Windows user account key, and/or a key provided by a plugin).

Is the stored hash the AES-256 key? Or could the AES-256 key be derived from that hash?

Thank you for your information about the keystore. I googled the keywords "android keystore fingerprint root", and found some useful results.

  - https://stackoverflow.com/questions/25790191/usage-of-software-hardware-backed-android-keystore-and-possible-security-usabili
  - https://nelenkov.blogspot.com/2015/06/keystore-redesign-in-android-m.html
  - https://doridori.github.io/android-security-the-forgetful-keystore/#sthash.Y0seXsCo.rUAsm0wu.dpbs
  - https://www.futurelearn.com/courses/secure-android-app-development/0/steps/21602
  - https://security.stackexchange.com/questions/154775/using-the-android-hardware-backed-keystore?rq=1

It seems the KeyStore can be implemented in software or in hardware (TEE), and the hardware-backed keystore is safer. The software-backed keystore is vulnerable if malware has been granted root access.

cy18 avatar Apr 04 '18 16:04 cy18
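To make the two points above concrete (a Keystore key that is only usable after a fingerprint, and the software-vs-hardware-backed distinction), here is an added illustrative example written for this thread; it is not KeepassDroid's own code. It assumes the androidx BiometricPrompt API and a made-up key alias, and shows the `KeyInfo` check an app can run to learn whether its key lives inside secure hardware.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import androidx.biometric.BiometricPrompt;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

// Illustrative helper, not part of KeepassDroid. The alias is an assumption.
public final class BiometricKeyExample {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "example_master_password_key"; // assumed alias

    // Generate an AES key that the Keystore will only use after a successful
    // biometric authentication. The raw key bytes are never handed to the app,
    // so an app-level leak of the ciphertext alone does not reveal the password.
    public static SecretKey createKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true)       // every use needs a biometric
                .setInvalidatedByBiometricEnrollment(true) // enrolling a new finger voids the key
                .build());
        return kg.generateKey();
    }

    // The check behind the "software vs hardware keystore" question in the thread:
    // false means the key is protected only by the OS, so root can reach it.
    public static boolean isHardwareBacked(SecretKey key) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance(key.getAlgorithm(), KEYSTORE);
        KeyInfo info = (KeyInfo) f.getKeySpec(key, KeyInfo.class);
        return info.isInsideSecureHardware();
    }

    // Prepare the cipher that the biometric prompt unlocks. init() succeeds, but
    // doFinal() throws UserNotAuthenticatedException until
    // BiometricPrompt.authenticate(promptInfo, cryptoObject) has succeeded for
    // exactly this CryptoObject; only then can the Base64 password be encrypted.
    public static BiometricPrompt.CryptoObject cryptoForEncrypt() throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return new BiometricPrompt.CryptoObject(c);
    }
}
```

Decryption follows the same pattern with `Cipher.DECRYPT_MODE` and the stored GCM IV, which is why the app can only show the master password again after a fresh fingerprint match.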

When I make the password field visible with the eye icon, and place my finger on the sensor, my master password becomes visible. Why is this? Is the master password string stored somewhere along with my fingerprint?

TokyoMike avatar Mar 22 '20 02:03 TokyoMike

> When I make the password field visible with the eye icon, and place my finger on the sensor, my master password becomes visible. Why is this? Is the master password string stored somewhere along with my fingerprint?

Same for me. The master password should be stored somewhere.

cy18 avatar Mar 22 '20 16:03 cy18