Tuesday, August 30, 2016

Multicipher Plugin for Keepass

First of all many thanks to Dominik Reichl for creating KeePass Password Safe (http://www.keepass.info) this plugin would not have existed otherwise

Version 1.1

Updated for Version 2.39x

Download MultiCipher Plugin for Keepass
Click here to download the files
Click here for the Source Code Repository

Version 1.0

This is a dual cipher model with independent keys that uses AES-256 and 3DES-192 doubling data length random pad following the method as mentioned by Bruce Schneier in his book "Applied Cryptography".

There is no block padding and is filled with random bytes where the true length is indicated in the header, also AES key and IV is provided by keepass and only 3DES Keys and IV are generated.

n = Plaintext Length
m = Random pad of n bytes
b = Block pad length = 32 - n % 32 (but 0 if n%32 is 0)
b1 = block pad =  b bytes of random data
b2 = block pad = b bytes of random data

Encrypted data format:

PositionLength (Bytes)Content
0x000x01File Version currently 1
0x010x01Algorithm (currently 0 - indicates AES+3DES)
0x020x20Random master seed for 2nd Cipher
0x220x20Random seed to transformation for 2nd Cipher
0x420x08Random IV bytes for 2nd Cipher
0x4A0x08Transformation rounds default 10000 for 2nd Cipher
0x56n+bAES256(Plaintext XORred with m bytes + b1 bytes)
0x56+n+bn+b3DES(m bytes + b2 bytes)

Key Generation:

AES Keys are provided by Keepass (Entry made during master password entry screen) and IV.

3DES Keys are generated by combining the keys derived from the second password entered along with SHA256 of (Plaintext XORred with m bytes + b1 bytes).

Note: Use this version of the plugin if you are using an older version of Keepass, this will not work with the latest versions for the latest version of the plugin download version 1.1 above.

Download MultiCipher Plugin for Keepass
Click here to download the files
Click here for the Source Code Repository

Bugs/Suggestions? email me support@titasraha.com

1 comment:

  1. It's a very nice plugin, for the paranoid :). The only complaint I have is that it is not universally compatible with any keepass port (Unless integrated by 3rd party developer, which isn't just yet). Hope to see stability updates/security improvements if necessary in the future :) Maybe make more algorithms availible, or seperate plugins with better algorithms such as TwoFish/ThreeFish, Serpent etc... 3Des doesn't seem as secure as other's, just an idea.

    Thank you for this added security :)