lbry-sdk icon indicating copy to clipboard operation
lbry-sdk copied to clipboard

Published 20 hours ago verified publisher icon lbryio

fix password changes via synced device

Open lyoshenka opened this issue 5 years ago • 2 comments

the plan is to store old passwords in the wallet file. we'll handle them with the same level of security as the private keys. when a password change occurs, unsynced wallets can be unlocked during sync_apply because old passwords are in the sync data.

BC issue

the below steps introduce a BC break because the structure of the encrypted data will change and old sdks will not be able to decrypt it

steps

PR 1

  • [ ] update the payload encryption:
    • [ ] generate a salt the first time a wallet is encrypted.
    • [ ] use scrypt (or another KDF) on user's password with the wallet salt to generate a derived key
    • [ ] use derived key to encrypt wallet data
    • [ ] HMAC encrypted data with derived key
    • [ ] encrypted wallet looks like: [version][salt][hmac][encrypted data]
  • [ ] update the payload decryption to verify the HMAC and report a wrong password if the values do not match
  • [ ] ensure decryption is backwards compatible

PR 2

  • [ ] add a section to the wallet file called password_history. it will be a list of strings.
  • [ ] add new command wallet_change_password which changes the in-memory wallet password and adds the new password's derived key (scrypted with wallet salt) to the wallet password list if its not there yet. wallet must be unlocked to call this command.
  • [ ] modify wallet_encrypt to add the derived key to the password list
  • [ ] modify wallet_decrypt to erase the stored list of derived keys
  • [ ] modify sync_apply such that if the wallet is locked when it is called, it will try to unlock the wallet with the provided password. if that fails, it will use the provided password to decrypt the payload and try unlocking the wallet with the derived keys in the payload. if one of those keys succeeds, it will call wallet_change_password with the key that succeeded, and re-lock the wallet after applying the payload.

related: https://github.com/lbryio/lbry-sdk/issues/2175, https://github.com/lbryio/lbry-sdk/issues/1843, https://github.com/lbryio/lbry-sdk/issues/2583

lyoshenka avatar Nov 25 '19 22:11 lyoshenka

update description following discussion with jack

lyoshenka avatar Dec 16 '19 17:12 lyoshenka

we are releasing lbry.tv passwords today without this, another candidate to fix

kauffj avatar Apr 13 '20 19:04 kauffj