Decryption of passwords takes too long - clipboard copy fails #739

Closed
davidpsc opened this issue Sep 14, 2017 · 1 comment

@davidpsc

Hi,

I've found an issue in our environment where the decryption of passwords takes between 900ms and 1.5s.
When the decryption time is longer than 999ms the clipboard copy fails (when using the shortcut located right between the lock icon on the account overview). It always works when showing username and password and using the clipboard buttons next to it.

So here is one case where it works:

  1. Search for account
  2. Click "clipboard" icon next to "lock" icon
  3. Ajax request takes 900ms (seen in developer console of Chrome)
  4. Message appears that the password was copied successfully.

And here is one case where it doesn't work:

  1. Search for account
  2. Click "clipboard" icon next to "lock" icon
  3. Ajax request takes 1.2s (seen in developer console of Chrome)
  4. Message appears that the password could not be copied to the clipboard.

I've read that this time limit was implemented in the browsers due to security reasons so that data can only be copied to the clipboard when triggered by the user (mouse click) and not by a timed event (timer, ...).

Is there something we could do to improve the decryption speed? Can we configure the key length to be less than 512 bytes? For us it is more important to use the clipboard copy shortcut than having a 100% secure storage of the passwords.

Thanks
David

@nuxsmin
Owner

nuxsmin commented Sep 18, 2017

Hello David,

Unfortunately, this browser security behavior can't currently be avoided, since password encryption is done using the defuse/php-encryption library, which relies on AES-256 (https://github.com/defuse/php-encryption/blob/master/docs/CryptoDetails.md) encryption and HMAC for key authentication, so the encryption process would take some time depending on the system you are running sysPass on.

The password popup doesn't have this security behavior, since the password is retrieved in the first Ajax request, so the clipboard feature only copies the text from the HTML element.

I'm looking forward to a clipboard API draft (https://w3c.github.io/clipboard-apis/#async-clipboard-api) which allows performing asynchronous requests to fill in the clipboard.

Regards.
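
An added example, not sysPass code and not from either commenter: copying a password that arrives from a slow Ajax request through the Async Clipboard API's `navigator.clipboard.writeText()`, and reporting a refusal so the UI can fall back to the password popup. `copyPasswordAsync`, `fetchPassword` and the result object are assumptions made for this example.

```javascript
// `clipboard` is navigator.clipboard in a browser (secure context required).
// `fetchPassword` is a hypothetical function returning a Promise that
// resolves to the decrypted password (e.g. the Ajax call from the issue).
async function copyPasswordAsync(clipboard, fetchPassword) {
  // Old browser or non-secure context: no Async Clipboard API available.
  // The caller should show the popup, where the copy is synchronous.
  if (!clipboard || typeof clipboard.writeText !== 'function') {
    return { copied: false, reason: 'unsupported' };
  }

  let password;
  try {
    password = await fetchPassword(); // may take longer than one second
  } catch (err) {
    return { copied: false, reason: 'fetch-failed' };
  }

  try {
    // writeText() returns a Promise. The browser rejects it with a
    // NotAllowedError DOMException when it does not permit the write.
    await clipboard.writeText(password);
    return { copied: true, reason: null };
  } catch (err) {
    const denied = err && err.name === 'NotAllowedError';
    return { copied: false, reason: denied ? 'denied' : 'write-failed' };
  }
}

// Browser wiring (showPasswordPopup and passwordUrl are hypothetical):
// button.addEventListener('click', async () => {
//   const result = await copyPasswordAsync(
//     navigator.clipboard,
//     () => fetch(passwordUrl).then((res) => res.text())
//   );
//   if (!result.copied) showPasswordPopup();
// });
```

Whether a write issued after a long `await` is permitted still depends on each browser's focus, permission and user-activation rules, so the `denied` branch should always lead to a working fallback.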
