2

I store my passwords in an encrypted database file in the cloud. That is, my KDBX files from KeePass are stored in a cloud storage server, let's say it's Dropbox. Dropbox, whether they admit it or not, probably keeps a very long history of my files. If someone were to attempt to decrypt my KDBX file, would it help them if they had successive copies of my KDBX file over time? I sometimes update just one line in the file and re-sync to Dropbox. Are these files engineered in such a way (i.e. without some sort of random seed) that would give someone a great advantage in decrypting the file if they studied successive copies of the file?

2 Answers

1

If you are using KeePass 2.x then your .kdbx file is encrypted using AES. Every copy of your file will be different from your previous ones.

Without the knowledge of what was changed, I think it is not possible/easy/feasible to compare and run any sort of decryption against multiple files.

ciphercodes
1

It is unlikely, since changes will not result in a single bit replacement for the encryption under most circumstances.

Given key bits: 0f 15 71 c9 47 d9 e8 59 0c b7 ad d6 af 7f 67 98

Plaintext = AES("I am BEST") ==> 20 9f d4 c3 b6 79 c4 d3 70 5f b2 b4 c0 85 c5 d5

Plaintext = AES("I am COOL") ==> 7b 8e a4 b4 df f0 11 30 54 14 ad 1c 39 07 ad e6

(Generated using this quick online encoder/decoder with a preset key ASCII input, hex output)

However, when encryption and compression are combined, this can lead to defeating the encryption based on certain known inputs and prediction, e.g. the CRIME attack.

Eric G
  • Can cross verify these inputs at http://aes.online-domain-tools.com/, or using your own desktop tools. – Eric G May 20 '14 at 19:29
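As an added example (not from either answer and not KeePass's own code): a small parser for the unencrypted KDBX outer header that reports which fields differ between two saved copies, so you can check on your own snapshots whether the seed and IV values the question asks about change from save to save, and whether the compression flag relevant to the second answer's remark is set. The field names are labels chosen here, and the two sample headers are constructed stand-ins, not real KeePass output.

```python
import struct

SIG = (0x9AA2D903, 0xB54BFB67)  # the two KDBX (KeePass 2.x) signature words
FIELDS = {2: "cipher_id", 3: "compression", 4: "master_seed",
          5: "transform_seed", 6: "transform_rounds", 7: "encryption_iv",
          8: "stream_key", 9: "stream_start_bytes", 10: "inner_stream_id",
          11: "kdf_parameters", 12: "public_custom_data"}

def parse_header(blob):
    """Return {field name: raw bytes} from the unencrypted outer header."""
    if len(blob) < 12:
        raise ValueError("truncated file")
    sig1, sig2, version = struct.unpack_from("<III", blob, 0)
    if (sig1, sig2) != SIG:
        raise ValueError("not a KDBX file")
    # KDBX 3.x stores a 2-byte field length, KDBX 4 a 4-byte one.
    fmt = "<BH" if (version >> 16) < 4 else "<BI"
    step, pos, out = struct.calcsize(fmt), 12, {}
    while pos + step <= len(blob):
        fid, size = struct.unpack_from(fmt, blob, pos)
        data = blob[pos + step:pos + step + size]
        if len(data) != size:
            break  # declared length runs past the end of the data
        if fid == 0:  # end-of-header marker
            return out
        out[FIELDS.get(fid, "field_%d" % fid)] = data
        pos += step + size
    raise ValueError("truncated header")

def changed_fields(old, new):
    """Names of header fields whose values differ between two snapshots."""
    a, b = parse_header(old), parse_header(new)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

def is_compressed(blob):
    """True if the header's compression flag is 1 (GZip)."""
    return parse_header(blob).get("compression") == struct.pack("<I", 1)

def build_sample(fill):
    """Constructed KDBX 3.1 header; `fill` stands in for per-save random bytes."""
    fields = [(2, bytes.fromhex("31c1f2e6bf714350be5805216afc5aff")),  # AES
              (3, struct.pack("<I", 1)), (4, bytes([fill]) * 32),
              (5, bytes([fill ^ 0x55]) * 32), (6, struct.pack("<Q", 6000)),
              (7, bytes([fill ^ 0xFF]) * 16), (0, b"\r\n\r\n")]
    body = b"".join(struct.pack("<BH", i, len(d)) + d for i, d in fields)
    return struct.pack("<III", SIG[0], SIG[1], 0x00030001) + body

if __name__ == "__main__":
    old, new = build_sample(0x11), build_sample(0x22)
    print("changed between snapshots:", changed_fields(old, new))
    print("compressed before encryption:", is_compressed(new))
```

To run it on real files, pass the bytes of two snapshots (for example `open(path, "rb").read()`) to `changed_fields`; only the header is read, so no password is needed.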