KeePass2 v 2.34 to fix update security problem
From the KeePass site: http://keepass.info/help/kb/sec_issues.html#updsig
In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-2048 and SHA-512).
KeePass 2.34 and higher only accept such a digitally signed version information file. This solution is more secure than just using HTTPS, because it guarantees version information safety even when the webserver is compromised (the private key for signing the version information is not stored on the webserver).
Downloads page: http://keepass.info/download.html
Edit: The update has NOT yet been released, as of (CET 11:30 2016-06-06)
42 comments
[ 3.6 ms ] story [ 127 ms ] threadImagine if there's a vulnerability in one version of KeePass2, and the fix is available for it. MiTM attacker sends the previous version so that the app doesn't know that there's an update, and the attacker has more time to use the vulnerability.
HTTPS prevents this. They should do both.
"Resolution. In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-2048 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS."
[1]: https://theupdateframework.github.io/
It looks like they are
I still see a glaring MitM vulnerability…
Until the author actually switches to HTTPS, network operators can simply hijack the original downloads page in the first place. This update is barely a mitigation.
If he wants more ad revenue, his only option is to find another ad network. Eventually someone else is going to start hosting a popular fork on a different HTTPS site if he keeps stubbornly ignoring this issue.
> mitm attacks can't do much other than see which packages you install
On the contrary, if you MitM the entire downloads page you can simply offer up a hacked/backdoored version of the software. There is no signature check if you remove the signature check in the version that you distribute.
Sure, in this day and age, it's slightly disconcerting to see a security-related website that isn't SSL, but on the other hand, the tendency to blindly trust the green padlock is probably even more dangerous.
http://keepass.info/integrity_sig.html https://keybase.io/reichl
It may be flawed, but clowning the CA model is beyond the abilities of the vast majority of attackers.
But TBH, if I am going to go through the trouble of MITM'ing the site, then I am going to rewrite the site to:
* include my awesome fingerprint
* link to my awesome key
* link to my l33t entry on keybase
Side note - the CA model has issues, but in what world is pointing users to a VC funded startup that has only been around for two years "safer" than the flawed, but well understood security model of the CA system?
I don't mean to impugn Keybase, from watching them I like what they are doing, but bootstrapping trust based on content they control is hardly ideal, and I would be shocked to hear someone say that Keybase is more reliable or more trustworthy than the CA/Browser Forum (10 years old) and the browser vendors (>20 years old depending on vendor/code base).
[1] https://www.keepassx.org/
Support for the KeePass2 format was the only thing preventing me from using it in the past.
(At the very least, a .kdbx on Syncthing/Droxbox-like storage WILL eventually lead to data loss.)
It's been working for me without issue since 2009-ish. I've used 1.x and 2.x databases in Dropbox.
It's a small pain to go through and figure out which item is out of sync, but doable.
[1]: https://theupdateframework.github.io/
Even if there is an implementation in .Net it will have to be audited and even then you are at the mercy of who ever maintains it.
Sucking in OSS libraries might sound easy and smart but it's a huge gamble unless it's a defacto standard in the industry or is being maintained by a giant corporation you might be stuck up the creek without a paddle as soon as the person maintaining it decides to drop it.
Why risk a malicious MITM-ed update? The keepass site should just provide portable zips and off-site hashes and sigs for verification.